Hi all . re: m.mask security ...... if you have very small/low risk funds in m.mask wallet , as recommended , but from a phishing/hacking perspective , you have : connected sites : to wallet , does this mean if wallet is accessed by hacker that they can then access connected sites ?
First. If you're not using web MetaMask Extension versions 10.11.3 and above and you connected your wallet to a phishing website. According to the research done by
Halborn. Yes, the coins in your metamask wallet can be accessible by a hacker because your wallet's secret recovery phrase can be extracted.
Second. If you enter your wallet secret recovery phrase or private keys on the phishing website, you have automatically given them access to your metamask wallet.