How to identify verified tokens in Phantom? (Scam Protection)

Understanding Token Verification in Phantom Wallet

1. Phantom displays a verified badge next to certain tokens within its interface — this badge appears as a small green checkmark adjacent to the token name and symbol.

2. The verification status is not applied automatically by Phantom but relies on data pulled from third-party sources including CoinGecko, CoinMarketCap, and project-submitted metadata via Phantom’s official token registry process.

3. Tokens listed on major centralized exchanges like Binance or Coinbase often have higher chances of being recognized as verified due to their public listing documentation and audit trails.

4. Users can manually inspect the token contract address by clicking on the token details page — discrepancies between displayed name and actual deployed contract indicate high-risk scenarios.

5. Phantom does not verify smart contracts for security vulnerabilities — verification only confirms identity alignment, not code safety.

How Phantom Sources Its Verification Data

1. Phantom integrates with decentralized identifiers (DIDs) and domain-based verification where projects link their wallet addresses to verified domains through DNS TXT records.

2. Projects may submit token information directly to Phantom’s GitHub repository under the tokens directory — submissions undergo community review before merging.

3. Verified tokens often include standardized metadata such as logo URI, decimals, and description — unverified tokens frequently lack consistent or complete metadata fields.

4. Phantom cross-references ENS names associated with token contracts — if an ENS resolves to a known project website and matches social media handles, confidence increases.

5. No on-chain cryptographic signature proves verification — it remains a curated list rather than a trustless mechanism.

Red Flags That Indicate Unverified or Malicious Tokens

1. A token shows no badge despite having significant trading volume — this signals absence from trusted data feeds or deliberate omission during submission.

2. The token name closely mimics a well-known project but uses slightly altered spelling or Unicode characters — these are common homograph attacks targeting visual similarity.

3. Contract ownership is renounced without timelock mechanisms or multisig governance — verified tokens rarely exhibit irreversible owner abandonment unless part of transparent decentralization plans.

4. Liquidity pool tokens appear alongside mainnet tokens without clear labeling — scammers often bundle fake LP tokens to simulate legitimacy.

5. Transaction history reveals rapid minting events followed by immediate transfers to burner wallets — verified tokens typically demonstrate organic accumulation patterns.

Manual Verification Steps Users Can Take

1. Copy the token contract address from Phantom and paste it into Solscan or SolanaFM to view deployment timestamp, transaction count, and holder distribution.

2. Search the same contract address on RugCheck or SonarScan to retrieve automated security scoring and potential red-flag indicators like hidden mint functions.

3. Check whether the token has been audited — legitimate audits from firms like Kudelski Security or Neodyme appear in publicly shared PDF reports linked from official project websites.

4. Compare the token’s Twitter, Discord, and Telegram links across multiple platforms — inconsistent or newly created accounts suggest impersonation attempts.

5. Use Phantom’s built-in “Send” function to preview recipient address resolution — if the address fails to resolve to a known domain or ENS, proceed with caution.

Frequently Asked Questions

Q: Does Phantom charge projects to get verified?A: No. Phantom does not accept payments for token verification. All submissions are open-source and reviewed voluntarily.

Q: Can a verified token still rug pull?A: Yes. Verification confirms identity only — it does not guarantee financial integrity, economic model sustainability, or resistance to malicious upgrades.

Q: Why do some tokens show “Verified” on SolanaFM but not in Phantom?A: Phantom maintains its own independent verification pipeline and does not sync real-time with other explorers’ labels. Discrepancies arise from differing curation criteria and update frequencies.

Q: How often does Phantom update its verified token list?A: Updates occur irregularly based on merged pull requests in the official GitHub repository — there is no fixed schedule, and delays of several days between submission and appearance are common.