Not quite. We had a couple domains that—when typed into the address bar—would offer a referral-option in the browser UI. If you quickly hit the enter key, you might mistakenly have selected one of those unintentionally. This was a UX bug on our end as the feature wasn't intended to match complete URLs.
The goal was to offer folks a means of supporting the development of a privacy-preserving browser, at no cost to them. We blogged about the feature at https://brave.com/blog/referral-codes-in-suggested-sites/, and ultimately disabled it by default. But there was never any "hijacking of links," or "swapping of affiliate codes".
The back and forth with Eich on Twitter and him defending it as ethical when it was first reported on painted a different picture at the time for me: https://imgur.com/a/MotmTGh
When pushback increased, it seemed like it was addressed and then retroactively labeled a bug.
Your own dismissiveness of the issue on Twitter, including posting an image which didn't reflect the actual user experience in Brave stable at the time, left a similarly bad taste: https://imgur.com/a/x9smj6M
That was when I thought the attribute was added only when the user searched, but it was added even to a FQDN which should not have been done.
We didn't make anything from this bug, fixed it quickly, it's a black mark on our shield still but it wasn't some mustache-twirling grand plan, believe me. It was a blunder.
The goal was to offer folks a means of supporting the development of a privacy-preserving browser, at no cost to them. We blogged about the feature at https://brave.com/blog/referral-codes-in-suggested-sites/, and ultimately disabled it by default. But there was never any "hijacking of links," or "swapping of affiliate codes".
The truth is less exciting, I know.