by Animats 1470 days ago
"Connecting a wallet" makes it vulnerable to Javascript from a web site? Who designed that?
2 comments

Unless I'm misunderstanding something, I don't think it can. Your ownership of NFTs and ETH balance is public info on chain, and the site can construct a malicious transaction giving them away, but it ultimately has to trick the user into signing it. Not really sure what leeway they have to manipulate how the wallet UI presents the tx to the user though.
Metamask presents a big red warning when it requests a signature for a hex ETH transaction. But most people don’t read. Or they request token approvals users don’t bother to modify.
"requests a signature for a hex ETH transaction."

What on earth does that even mean? It's no wonder people keep messing this up. You need to spend half your life keeping up with the tech just to not get scammed.

You don't know what a digital signature is?

This is the equivalent of being mad at banks because you don't understand what a bank routing number is.

>It's no wonder people keep messing this up.

The type of user that doesn't understand this should not even be using cryptocurrency in the first place.

I'm guessing the confusion is the "hex ETH" part. I know what a digital signature is and I can guess that ETH = ethereum, but have no idea what "hex" means so I can't "keep up" with your comment either.
>The type of user that doesn't understand this should not even be using cryptocurrency in the first place.

Then why did all those cryptocurrency exchanges buy ads during the super bowl?

Matt Damon told us fortune favors the brave. Everyone lost all their money- but they were brave in doing so! https://www.youtube.com/watch?v=gor-8erHxoY
I believe the malicious tx is basically serialized into a hex string, so not easily inspected by the user. As such, the wallet gives a warning, which the user ignores.
Have you seen the rest of crypto? It's not very surprising
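
The comments above mention signature requests shown as a hex string and token approvals that users do not modify. As an added example (not part of the thread and not any wallet's own code), this sketch decodes such hex calldata into a readable call and flags broad approvals; the selector table covers only four standard ERC-20/ERC-721 functions, and the spender address is a constructed placeholder.

```javascript
// Added example: turn the hex calldata of a signing request into a readable call.
// A selector is the first 4 bytes of keccak256 of the function signature.
const SELECTORS = {
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
  "a9059cbb": { name: "transfer", args: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Each static ABI argument occupies one 32-byte word (64 hex characters).
function decodeWord(type, word) {
  if (type === "address") return "0x" + word.slice(24); // low 20 bytes
  if (type === "bool") return BigInt("0x" + word) !== 0n;
  return BigInt("0x" + word); // uint256
}

function decodeCalldata(hex) {
  const data = hex.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.length < 8) throw new Error("not hex calldata");
  const selector = data.slice(0, 8);
  const entry = SELECTORS[selector];
  if (!entry) {
    // Nothing readable can be shown: this is the case where only raw hex is left.
    return { name: "unknown", selector, args: [], warnings: ["unrecognised function selector"] };
  }
  const body = data.slice(8);
  if (body.length !== entry.args.length * 64) throw new Error("argument length mismatch");
  const args = entry.args.map((t, i) => decodeWord(t, body.slice(i * 64, (i + 1) * 64)));
  const warnings = [];
  if (entry.name === "approve" && args[1] === MAX_UINT256) {
    warnings.push("unlimited token allowance granted to " + args[0]);
  }
  if (entry.name === "setApprovalForAll" && args[1] === true) {
    warnings.push("operator " + args[0] + " may move every token in this collection");
  }
  return { name: entry.name, selector, args, warnings };
}

// Constructed sample input: approve(spender, 2^256 - 1) with a placeholder spender.
const SAMPLE_SPENDER = "0".repeat(32) + "deadbeef";
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + SAMPLE_SPENDER + "f".repeat(64);
console.log(decodeCalldata(SAMPLE_APPROVE));
```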