[caylus]

Others in the thread have mentioned that the MetaMask wallet provides a warning prior to allowing a site like this to access the wallet.

For reference, this appears to be an example of that warning: https://github.com/MetaMask/metamask-extension/issues/11337

Transcript: "Signing this message can have dangerous side effects. Only sign messages from sites you fully trust with your entire account. This dangerous method will be removed in a future version."

Presumably part of the issue is that a legitimate "NFT mint" transaction might also carry the same warning.

[darcys22]

There is a difference between signing a transaction and signing a string. The warning you have linked pops up when a signing of a string occurs and warns that if the person embeds a transaction in that string you are signing whatever transaction they have made.

There is a new method they have for signing strings that does not allow a transaction to be signed so its safer.

The crypto drainer seems to directly be sending the NFTs and assuming that the user cant understand the transaction and what its actually doing.