In DeFi 101, @amadeobrands says several times that he allows access to his MetaMask wallet because he “trusts” the platform that he is using. In what sense do we need to trust the platform just for the initial access to MetaMask? What is the risk? (Any actual transaction still needs the user’s explicit approval.)
I assume it would be possible for an attacker to sign a transaction instead of you. After all, MetaMask is a hot wallet. You want to make sure you connected to the right platform before you connect your hot wallet. To be safer, you can always use a hardware wallet. You approve all the transactions on the device itself, so there is no reason to worry too much. An attacker could still try to make you send the funds to his address, but you can check the address on the hardware device itself. He can’t manipulate your hardware screen, only your computer screen. Whatever shows on the hardware device is the truth.
I agree with the added security of a hw wallet of course.
But if an attacker can sign with my MetaMask, presumably he/she can also make my MetaMask trust a platform. So my question is, does this initial step (of clicking “trust” for a new platform) actually provide any security?