Connecting to dApps: permission model
When you “Connect” MetaMask to a dApp, you grant the site the ability to view your public address and request signatures. This is normal — but it is also a permission boundary. Only connect to sites you trust and minimize how many dApps retain persistent access to your wallet.
Minimize exposure
Use separate wallets for different purposes: a daily-use wallet for small trades and a cold/hardware wallet for long-term holdings. Limit approvals and use per-dApp accounts to reduce the impact of a compromised site.
Verify the site
Double-check the domain name and confirm the site is served over HTTPS. Beware of lookalike domains and phishing links on social media. Where possible, reach dApps through official bookmarks or typed URLs.
Tip: Review connected sites in MetaMask and revoke access for any you no longer use.
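The connect permission and the revoke step described above can also be inspected from the site's side of the boundary. The following is an added example, not code from MetaMask or this page: it reads the permission a site holds through `wallet_getPermissions`, lists the addresses it exposes, and drops it with `wallet_revokePermissions`. The mock provider, the `dapp.example` origin and the function names are constructed for illustration, and the caveat layout is an assumption about what the wallet returns.

```javascript
// Added example, not MetaMask code. `provider` is an EIP-1193 provider
// (window.ethereum in a browser with MetaMask installed).

// Reduce EIP-2255 permission objects to the addresses this origin can read.
// Assumption: accounts are listed in a `restrictReturnedAccounts` caveat.
function exposedAccounts(permissions) {
  const accounts = new Set();
  for (const perm of permissions) {
    if (perm.parentCapability !== 'eth_accounts') continue;
    for (const caveat of perm.caveats || []) {
      if (caveat.type !== 'restrictReturnedAccounts') continue;
      for (const addr of caveat.value) accounts.add(addr.toLowerCase());
    }
  }
  return [...accounts];
}

// Ask the wallet what the current site is allowed to do.
async function auditConnection(provider) {
  const perms = await provider.request({ method: 'wallet_getPermissions' });
  const connected = perms.some((p) => p.parentCapability === 'eth_accounts');
  return { connected, accounts: exposedAccounts(perms) };
}

// Drop the account permission, then re-audit to confirm it is gone.
async function disconnect(provider) {
  await provider.request({ method: 'wallet_revokePermissions', params: [{ eth_accounts: {} }] });
  return auditConnection(provider);
}

// Constructed stand-in for a wallet so the example runs outside a browser.
function makeMockProvider(addresses) {
  let perms = [{
    invoker: 'https://dapp.example', // constructed origin
    parentCapability: 'eth_accounts',
    caveats: [{ type: 'restrictReturnedAccounts', value: addresses }],
  }];
  return {
    async request({ method, params }) {
      if (method === 'wallet_getPermissions') return perms;
      if (method === 'wallet_revokePermissions') {
        const revoked = Object.keys(params[0]);
        perms = perms.filter((p) => !revoked.includes(p.parentCapability));
        return null;
      }
      throw new Error('unsupported method: ' + method);
    },
  };
}
```

In a browser console on a connected site, `auditConnection(window.ethereum)` shows which of your addresses that site can currently see.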