Phantom materializes ‘sign in with Solana’ wallet authentication

Phantom said it collaborated with Solana Labs to make the method compatible with Solana’s wallet standard, while also providing support for others within the ecosystem


Skorzewiak/Shutterstock, modified by Blockworks


Wallet service provider Phantom said Monday it has introduced a new feature allowing applications to authenticate users using a Solana address.

The introduction of Sign In With Solana (SIWS) is intended to improve the user experience and security by streamlining the traditional “connect” and “signMessage” flow into a single-click “signIn” method.

Traditionally, the connect function enables a user’s digital wallet to interact with an application, while “signMessage” allows the user to cryptographically verify their identity.

The message lacks human-readable information, which can sometimes lead to new and seasoned users agreeing to malicious prompts.

Even in cases when connecting a wallet to trusted applications, unexpected pop-up signatures can often confuse or frighten new users, Phantom said in a statement. This, in turn, can often be a major hurdle for new entrants, it said.

The one-click sign-in method, available as of Phantom version 23.11, allows Solana developers to prompt users to connect and sign a standardized authentication message and prove ownership of their addresses.

Designed as a drop-in replacement for the previous two-step authentication flow, the sign-in method also provides developers with a robust API for creating standardized authentication messages, Phantom said.

The responsibility for message construction shifts from applications to the wallet, allowing Phantom to scrutinize elements such as the site’s domain or the time of message issuance to ensure legitimacy.

It is unclear whether there could be fresh privacy concerns associated with the shift of responsibility in message construction. Blockworks has reached out to Phantom for comment.

In some instances, that construction may help slow or hinder the progress of malicious actors. That could help prevent instances like last year’s breach, when a coding error allowed hackers to easily find and use client passwords, leading to a breach in both Slope and Phantom wallets.

Private keys associated with the impacted wallets were either leaked or compromised, and these keys were then utilized to authorize fraudulent transactions, according to reports at the time.

The sign-in feature released on Monday makes authentication more consistent and allows Phantom to check for suspicious activity, its developers said.

Ethereum dapps similarly can facilitate a “sign in with Ethereum” feature using Ethereum Name Service (ENS), as part of a push for decentralized identity services.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. What you can expect: And more! Don’t miss out on the opportunity to be in the room when the future of crypto is decided. Join us and help shape the future of our […]

recent research

Research report - cover graphics-2.jpg


Base has doubled-down on its commitment to the Superchain vision, has shown early signs of success with nearly $400M in TVL, and has become home to novel dapps such as which has seen significant traction.


Blockchain is a “natural fit” in games based on open economies and user-generated content, says Wyatt


Their current stance is a half-baked attempt that could stifle innovation and burden an emerging industry


Maker’s DeFi-focused “subDAO” passed a proposal activating a lending market for DAI on the Gnosis Chain


Certain creditors could be repaid sooner, with one hedge fund exec telling Blockworks it expects a payout by the end of the year


Busan is South Korea’s second largest city with a population around 3.4 million


Cyprus granted eToro crypto registration, setting the groundwork for the company to operate crypto services post-MiCa rollout