Request Blocked - dApp May be malicious

[dexcharts]

Summary

I'm having trouble getting my dApp approved by the review team. I've provided KYC (Passport photos, ID photos, videos of me holding my passport and asking to be unblocked and showing my dApp) and my social media (10+ year plus Facebook history showing that the documents are not forged and other proof) but can't get unblocked because I haven't built relationships with other devs in the Solana dev / EMV community yet.

I am a resident of Canada, and a citizen of Canada and France. I live in a country where there is rule of law. I have never had a twitter and have learned on my own so I've never developed a network of mentors / dev friends to secure a vouch. It's frustrating because I'm getting clicks on google but users are being turned away because Phantom is flagging my dApp's transactions as malicious because Phantom/Blowfish are unwilling to whitelist my domain unless I am part of this vouch network.

I understand that the verification requirements must be strict but if the barrier of entry for new developers is too high, it reduces competition for between dApps making Solana worse as a whole. All I wish for is a fair chance at my app competing in the ecosystem.

I'm currently trying to find a vouch in developer communities.

If you have any suggestions where to start or know anyone that can help, please let me know.

dApp:
https://claimsolana.io/

Example

https://claimsolana.io/

Steps to Reproduce

All transactions are flagged as malicious.

Phantom Version

No response

Is there an existing discussion for this?

• I have searched the existing discussions

[dexcharts]

I have sent ample KYC photos showing my passports and drivers licence. I've sent videos while speaking holding my passports and showing my dApp, and provided multiple social media accounts including my personal Facebook account with posts from family members and friends dating back 10+ years but the response has been so far to ignore it and suggest that I need a vouch from a known developer that is trusted by Phantom's review team.

In their latest response they have simultaneously told me to not try to develop connections with people I don't know while insisting that I secure a vouch from someone trusted. This is a strange way of doing business.

My domain was unblacklisted on March 8th 2025, and has yet to be whitelisted since I started inquiring about their second remaining block since 16 Apr 2025. This block is due to not being approved for their "whitelist". We have now been in communication again daily for 7 days, with 45 days passing since I've began trying to resolve this.

The team still insists that I continue to seek vouches from already established developers but this system has created a situation where people are so desperate that other developers can sell vouches to enter the whitelist.

I'm speaking in developer chats and trying to build relationships with other developers because the only way to get whitelisted it seems is to have these connections, but I'm only being contacted by scammers and developers wishing to sell vouches, including some who have provided proof of their services working and being verified by the Phantom team. The system is flawed.

Currently my best option is an in person meetup about 3 hours away at a reputable Solana coworking meetup, but since I am not local this will require me to dedicate a full day plus costs of travel and parking in order to meetup with developers from a collective I was recommended, while the requirements remain rather vague on Phantom/Blowfish's end.

Something needs to be done about this verification process as there are no clear steps or requirements that outline what is truly needed to be verified in order for your dApp to not be blocked by Solana's largest wallet provider, and the support is not giving clear answers on what is required.

The team responds that they are "relying mostly on the team members' social and GitHub profiles as these will have an established history" to verify the whitelisting, then seemingly completely ignore the social media profiles provided without explanation, only to ask for a vouch to continue the verification stating "as a last resort you can have any other developers in the ecosystem who are already established" vouch.

From the perspective of a new developer in the Solana ecosystem, this does not seem to me like the "last resort" but the first and only option accepted.

Many other developers are facing the same issue, this topic comes up frequently in the developer chats I've joined.

Please adjust the verification process Phantom uses to be more clear, as it is driving away new developers and hurting the growth of the Solana ecosystem.

[dexcharts]

On top of all this,the documentation page linked on blowfish.xyz (The service acquired by Phantom to verify Tokens and dApps) is password protected and the Phantom documentation for this issue is extremely limited in outlining what is required to solve the issue.

This is a confusing state of affairs for Phantom wallet, which is the main choice of almost all Solana users and for developers who wish to provide support for Solana's most popular wallet.

[dexcharts]

This system creates a market for "trusted" developers to sell vouches to ANYONE who will pay. The way it's being done now makes absolutely zero sense. This is also a Phantom specific issue, so getting help in Solana communities is often discouraged because often the response is that they are not there to give wallet specific support. This is true at least for the official Solana discord explicitly, and is often the case on other community servers. Discussion on Phantom's official discord remains closed.

[dexcharts]

The issue with my domain has been resolved.