dApp - Request Blocked - dApp May Be Malicious

[ksomsap]

Summary

I’ve launched two Solana-based dApps recently — after months of solo development. I’ve built both platforms from scratch using only open-source tools and documentation provided by the Solana ecosystem.

However, both of my sites are now being flagged by Phantom with the following warning:
"Request Blocked – dApp May Be Malicious"

This alert disables wallet connection and shows users multiple red warning messages, which instantly kills trust and usability. I have no harmful code, no shady prompts, and my sites don’t interact with users’ funds outside of standard Solana token operations.

About the dApps
1.
Helps users reclaim SOL by closing their empty/unused token accounts.
2.
Lets users easily create SPL tokens using @solana/spl-token and @solana/web3.js.

Both apps are fully client-side, do not store user data, and strictly follow best practices using Solana wallet adapters.

The Problem

I’ve reached out to Phantom/Blowfish and learned that new dApps may get flagged if they lack visibility, developer history, or community vouches. Unfortunately, I’m a solo, self-taught dev with:

No large community backing or endorsements

I understand the need for caution, but the current approach blocks legitimate new devs from growing. It’s heartbreaking to see so much time, energy, and money go to waste because I don’t have a popular reputation.

Example

Steps to Reproduce

Visit -

1. Connect Phantom Wallet
2. Perform any wallet interaction (create token, close token account)
3. Phantom will block the transaction with a red warning screen and label the dApp as potentially malicious

Phantom Version

No response

Is there an existing discussion for this?

• I have searched the existing discussions

[maahir786]

hey bro i have the same issue, i have made an app too but just got this. thing is ive previously made a site and never had this issue. I emailed blowfish and they got back me to with an 'instant' soltion saying if you add 'signAndSendTransaction' to your token transfer model then the issue wont happen. However I have tried and this and still seem to get the message. have you managed to fix this/ have phantom reply to you?

[adamdelphantom]

@ksomsap @maahir786 Please continue to work with the [email protected] email to resolve these issues.

[TechSavvyAce]

I'm dealing with the same problem! I emailed them and got a response saying they're having trouble verifying my account with the info I provided. They mentioned that if I can prove I’ve got connections with the Solana developer community, they can speed up my application. They suggest getting someone who's well-known in the community (but not an influencer) to vouch for me, preferably through Twitter. This should really help cut down the wait time for the whitelisting process. Any ideas on how I can sort this out?

[maahir786]

mine just randomly dissappeared after a week or so. i emailed blowfish and they said only way was to send them details of my page/ have someone known in the solana community vouch for me - but I never bothered replying as i'm a small time dev. I think mine worked bcos of the signandsendtransaction code i used - guess it just took some time to kick in and work.