TechFlow reports that on December 9, the Web3 security team Scam Sniffer stated on X that most Solana wallet coin-stealing programs actively use third-party domains to bypass wallet blacklists. (For example, registering expired DAPP domains and now exploiting XSS vulnerabilities.)
If users see a DAPP pop up a second window (or redirect) requesting them to connect in another window, they should carefully verify its security.




