Hot Wallets, Browser Extensions, and dApp Interaction

MetaMask

MetaMask is a browser extension and mobile app that serves as the primary gateway to Ethereum-compatible dApps. About 30 million people use it monthly. It works by injecting a JavaScript object (window.ethereum) into every web page you visit, which dApps use to request signatures and send transactions.

The security architecture has a known weakness: at certain points during operation, private keys are held unencrypted in browser memory. A 2025 security analysis confirmed that MetaMask's handling of keys in memory creates a window where a malicious browser extension or memory dump could theoretically extract them. This is inherent to how browser-based wallets work, not unique to MetaMask.

January 2026 saw signature phishing attacks (also called permit phishing) increase 207% compared to the same period the prior year. These attacks don't steal your seed phrase - they trick you into signing an off-chain authorization (an EIP-2612 permit) that gives the attacker permission to move your tokens. The signature happens in MetaMask's popup. The transaction cost is zero gas for you. The result is the same as handing over your tokens.

Phantom

Phantom started as a Solana-only wallet and expanded to Ethereum, Polygon, and Bitcoin in 2023-2024. It's the dominant browser wallet for Solana DeFi and NFTs.

A 2025 security disclosure revealed that Phantom, like MetaMask, has periods where private keys exist unencrypted in memory. This is a structural issue with browser-based key management, not a Phantom-specific vulnerability. Phantom has built-in malicious transaction detection that flags some known attack patterns before you sign, which is a meaningful defensive layer.

Phantom's primary risk surface is Solana's DeFi ecosystem, which moves faster and has less mature audit practices than Ethereum. If you're actively using Solana DeFi protocols, Phantom is the most practical wallet, but the same principles apply: small balances, dedicated browser profile, read before signing.

Rabby

Rabby is a browser extension wallet developed by DeBank. It has grown significantly in 2025-2026 among security-conscious DeFi users because of one specific feature: pre-transaction simulation.

Before you confirm any transaction, Rabby simulates what it will actually do. It shows you exactly which tokens leave your wallet, which arrive, and what the net change will be. For a simple token swap, this confirms you're getting what the dApp showed you. For a malicious approval or a drainer contract disguised as a mint, the simulation shows the truth before any funds move.

Rabby also receives regular third-party security audits and displays approval history, showing you what contracts currently have spending permissions on your tokens. If you're going to use a browser wallet for active DeFi, Rabby is the more security-oriented choice over MetaMask for most use cases.

Trust Wallet

Trust Wallet has over 200 million downloads and supports 100+ blockchains and 10 million+ tokens. It's primarily a mobile wallet, acquired by Binance in 2018 and later open-sourced.

In late 2024, a vulnerability in the Trust Wallet browser extension (not the mobile app) allowed attackers to extract private keys from affected installations. Estimated losses were approximately $6 million. Trust Wallet patched the extension and issued guidance, but the incident reinforced the risk profile of browser extensions relative to mobile or hardware alternatives.

Trust Wallet's mobile application is a reasonable choice for on-the-go management of smaller balances across many chains. The browser extension carries the same warning as all browser extension wallets: isolated browser profile, minimal balance, and verify every transaction.

Coinbase Wallet

There are two Coinbase products with different security models, and confusing them is a mistake many people make. Coinbase Exchange (custodial) holds your keys. Coinbase Wallet (self-custody) does not. This module concerns Coinbase Wallet.

Coinbase Wallet is a self-custody wallet available as a mobile app and browser extension. Your private key is generated on your device and encrypted with your chosen password. Coinbase cannot access it.

The 2024-2025 Coinbase security incident affected the exchange (custodial) product, not Coinbase Wallet. Criminals bribed external vendor support agents contracted to handle customer service. The stolen data was customer identifying information - names, addresses, phone numbers, partial government ID - not private keys. But this personal data was sufficient to run targeted social engineering attacks against high-value targets.

In July 2025, Coinbase announced a $5 million on-chain bug bounty and terminated the staff involved. The incident is instructive: the attack vector was human (bribery and social engineering), not technical. Institutional-grade infrastructure doesn't help if the operational security layer - the people - can be compromised.

Mobile Wallet Security

Mobile wallets sit in a different threat model than browser extensions. On a phone, every app runs in its own sandbox. The wallet app does not share process memory with your browser, your messaging apps, or any other installed app. Keys live in platform-managed secure storage, not in the wallet app's own memory the way a browser extension does. That isolation is the single biggest reason mobile wallets have a better security record than their browser-extension siblings, even when the same vendor builds both (Trust Wallet's ~$6M extension loss in late 2024 did not touch the mobile app).

How keys are actually stored

On iOS, mobile wallets store the encryption key for the seed inside the Secure Enclave - a hardware coprocessor present in every iPhone since the iPhone 5s (2013). The Secure Enclave runs its own OS, has its own memory, and never exposes the key to the main application processor. Wallet apps access it through Keychain Services with the kSecAttrTokenIDSecureEnclave attribute. Even a fully compromised iOS app cannot read the raw key - only ask the Enclave to sign with it after the user authenticates.

On Android, the equivalent is Android Keystore. On Pixel 3 and later plus most 2020+ flagships, Keystore is backed by StrongBox - a tamper-resistant chip (Titan M on Pixels) that provides the same hardware isolation as the Secure Enclave. On older or cheaper Android devices, Keystore falls back to a Trusted Execution Environment running on the main SoC via ARM TrustZone. TrustZone is isolated from the main Android OS but shares silicon with it, so it sits a step below StrongBox in tamper-resistance. The wallet app cannot tell the difference at the API level - it just calls Keystore and gets a key handle back.

The practical implication: if you set a wallet app to require biometric unlock and your phone is otherwise current on security patches, extracting the seed off the device is genuinely hard even with physical access. Hard enough that the realistic mobile attack vectors target what happens around the keys, not the keys themselves.

The real mobile attack surface

iOS versus Android in practice

iOS is the more locked-down platform by default. App Store review catches a meaningful fraction of fake-wallet submissions; sideloading requires either jailbreaking, a developer profile, or TestFlight with a specific invite. Android is more permissive: APK sideloading is a one-toggle setting, and accessibility services are a powerful capability that legitimate apps need but that trojans abuse. For a wallet device that holds anything material, an updated iPhone with no installed apps from outside the App Store is a stronger starting point than a typical Android device.

That said, a current Pixel running the latest Android with StrongBox-backed Keystore and Google Play Protect enabled is competitive. The weakness on Android is the long tail of older devices that no longer receive security patches but are still in daily use. If your phone stopped getting OS updates two years ago, it is not a wallet device.

How dApp Connections Work

The Injected Provider

When MetaMask (or any browser extension wallet) is installed, it injects a JavaScript object called window.ethereum into every web page you visit. When a dApp wants to interact with your wallet, it calls methods on this object: eth_requestAccounts to get your address, eth_sendTransaction to request a signature, eth_sign for message signing.

This is why a compromised browser extension that sits above MetaMask in the injection order can intercept these calls. An extension that overrides window.ethereum sees every dApp interaction before MetaMask does.

WalletConnect

WalletConnect is a protocol for connecting mobile wallets to desktop dApps without a browser extension. You scan a QR code with your mobile wallet; this establishes an encrypted session between your wallet and the dApp via WalletConnect's relay servers. The dApp sends transaction requests through the relay; your wallet displays them for your approval.

The risk in WalletConnect is the QR code itself. If an attacker substitutes a malicious WalletConnect QR code for a legitimate one (common in phishing sites that clone legitimate dApp interfaces), the session connects to the attacker's backend instead of the real dApp. You're then shown whatever transaction the attacker wants you to sign.

Token Approvals

Token approvals are one of the highest-risk areas in DeFi. When you interact with a DEX, lending protocol, or NFT marketplace, it typically asks you to approve a token allowance before the main transaction. This approval is a separate on-chain transaction that grants a smart contract address permission to move a specified amount of a token from your wallet.

The default for most protocols is unlimited approval. This is convenient because you only have to approve once rather than before every transaction. But it means that contract permanently has permission to drain your entire token balance, even years later. Every protocol exploit that has involved "draining user funds" in 2024-2025 relied on pre-existing unlimited approvals.

The defensive response is simple: visit revoke.cash monthly, connect your wallet, and revoke any approvals you don't actively need. The service is free and supports 100+ networks. When granting a new approval, set a specific token amount rather than unlimited whenever the protocol allows it. Module 5 covers the full approval management workflow.

Centralized Exchange Risks

The three largest crypto exchange hacks in recent memory illustrate different failure modes, none of which involved breaking the blockchain:

The pattern is consistent: exchange hacks attack the institution's key management, not the blockchain. For users, the implication is direct: only keep amounts on exchanges that you're comfortable losing completely. Anything you're holding long-term belongs in self-custody. The exchange is a trading venue, not a bank vault.