**Description: There is a scam with bogus rewards tokens as described in this article:
h-t-t-p-s://www . vice . com/en/article/epxxe7/received-some-random-cryptocurrency-it-might-be-a-phishing-scam
I received a token that was nominally shown as worth $17,000 - which is obviously bogus. The name of the token was " BONUS. VISIT [H-T-T-P-S://STBONUS . SITE TO RECEIVE REWARD
(note I added ‘-’ and spaces to the address so I could include it here in this feature request
If you navigate to that site and connect your MetaMask wallet, it can drain the entire wallet. Or at least I believe so. I fortunately rejected the connection request, so I’m not sure. When you connect MetaMask asks you to approve a whole bunch of things including trading. I could tell it was iffy and rejected the request.
The point is that newbies like me learn that you first connect the wallet to web sites. THEN after you’ve connected, you are asked to approve/reject requests for each subsequent transaction. In this case, it seems you are approving transactions just by merely connecting the wallet to the site. That’s stupid. Newbies like me may approve the connection on the assumption that there is no way they would be approving having their whole wallet drained without even being asked permission. This is f’n NUTS. You need to add more security when connecting the wallet. You can’t make it this easy for hackers to steal everything out of your wallet. FIX THIS
**Purpose:**Make it harder to have your wallet drained by merely connecting to a web site
Security for your wallet is as strong as your own knowledge base is and as strong as your ability to understand and avoid scams is. That involves dApps you interact with or smart contracts you approve and so on, which you need to double or triple-check to make sure they are legit and not scams. You should be really careful visiting unknown sites, malware or spyware could have be on your device, please run a scan.
Read these articles to start expanding your knowledge!:
I’m sorry but blaming the user or saying they should have known is not productive or helpful. If an application puts users funds at risk of unknowingly authorizing malicious activity on thier account, then thats a loophole in the app. While the knowlege/ experience of the user is important, it is a loophole scammers use to scam unsuspecting users,- especially newer ones. Much like the OP, I ended up on a fake beefy site (which looked identical to the real one) from a Google search because both CMC & Defi Llama had different addresses. Google is rife with scammers that can pay their way to the top of searches. Recently I’ve found ones for CMC as well (I rejected connection) and am sure any popular site. The user thinks they are on a legit site and connecting to sites is common as you enter them so fall into the trap. I knew what I fell into so rejected connection- CMC does not need access to my wallet to use it. MM should not allow/ or should warn the user what they are allowing the site to do before they click connect. MM should not allow connecting to sites that request moving funds without express permission for that token without the users saying that unlimited is ok (seperate from the normal connect wallet which only allows reading of balances. I do not know of any legit site that asks to do this.
The advice I was given was to use a browser such as duck duck go; only click on links from vetted and trusted sites and to bookmark legit sites.
If crypto is going to go main stream or get people to use self custody wallets, then we have to do as much as possible to defeat scammers. This involves education and apps & dApps building in safeguards to protect thier users. It will be a long road but small steps can help.