ChainCatcher message, the Web3 security team Scam Sniffer posted on X that most Solana wallet theft programs actively use third-party domains to bypass wallet blacklists. (For example, registering expired DAPP domains, now exploiting XSS vulnerabilities.)If users see a DAPP pop up a second window (or redirect) asking them to connect in another window, please carefully check if it is safe.