[darcys22]

There is a difference between signing a transaction and signing a string. The warning you have linked pops up when a signing of a string occurs and warns that if the person embeds a transaction in that string you are signing whatever transaction they have made.

There is a new method they have for signing strings that does not allow a transaction to be signed so its safer.

The crypto drainer seems to directly be sending the NFTs and assuming that the user cant understand the transaction and what its actually doing.