Is it dangerous to connect my wallet to TokenOps/BEX?
Connecting a wallet is not the same as giving a website control over your funds.
What wallet connect does
When you connect a Solana wallet, the site can usually see your public wallet address.
That public address is already public on-chain. It is not your private key and it is not your seed phrase.
What wallet connect does not do
Connecting alone should not allow a site to:
- move your tokens
- approve a burn
- approve a payment
- change your wallet
- see your seed phrase or private key
Those actions require a wallet approval prompt, and in most cases a signed transaction.
What you should check before approving anything
Before connecting or signing, check:
- The domain is the expected TokenOps/BEX domain.
- The wallet popup is opened by Phantom, Solflare, or the wallet you intentionally use.
- The prompt asks for the action you expect.
- A simple login/proof prompt should be a message signature, not an unexpected token transfer.
- A burn prompt should show the token/mint and the amount you intend to burn.
- A payment prompt should show the expected payment amount and recipient context.
If the wallet shows an unknown token transfer, unknown program, unexpected amount, or anything unrelated to the action you requested, reject it.
Message signature vs transaction
A message signature is normally used to prove that you control a wallet. It should not move tokens by itself.
A transaction can change on-chain state. A burn, transfer, payment, or approval is a transaction. Read it carefully before approving.
What TokenOps/BEX should never ask for
TokenOps/BEX should never ask for:
- seed phrase
- private key
- wallet recovery words
- browser extension password
- remote control access to your wallet
If any page asks for those, stop immediately.
How to reduce risk
- Use a dedicated project/admin wallet instead of your main treasury wallet.
- Keep only the required token amount in the wallet used for a burn.
- Disconnect old site permissions in your wallet settings when you no longer need them.
- Use the wallet browser only from trusted links.
- Keep your wallet app and browser extension updated.
If you are unsure
Reject the wallet prompt.
Nothing on TokenOps/BEX should require you to approve a prompt you do not understand. You can reconnect later after checking the domain, the action, and the wallet details.