This page explains how to connect dApp to MetaMask and how to connect MetaMask to web3 sites. If you use a software wallet on desktop or phone to trade, stake, swap, or interact with DeFi, this is for you. I’ve been using MetaMask daily for months and I’ll share practical steps, real pitfalls, and small fixes I’ve learned the hard way.
Who should look elsewhere? If you prefer cold storage for daily funds or rely exclusively on hardware wallets for signing, parts of this guide (mobile dApp browser tips, WalletConnect flows) won't apply. See the hardware wallet integration and smart-contract wallets / AA pages for other flows.
There are three common connection flows you’ll see when a web3 site asks to connect:
Each path results in the site gaining permission to request transactions and read your public account addresses. But permissions are not the same as ownership. Always confirm the network (mainnet, L2, or a testnet) before approving.
This is the injected provider flow many DeFi sites expect. Steps below assume you already have the extension installed (see install extension).
If the site doesn’t detect the wallet, try a hard refresh or open the extension then the site. Why does this happen? Sometimes the site checks for window.ethereum before the extension is ready.
Mobile is where most users interact with DeFi. There are two main patterns.
Mobile in-app dApp browser
WalletConnect (QR / deep link)
And yes, the mobile dApp browser behaves differently from desktop. Some sites assume an injected provider and others prefer WalletConnect, so you’ll often see both options.
See walletconnect guide and connect-walletconnect for more details.
| Method | How it works | Best for | Security trade-offs |
|---|---|---|---|
| Injected provider (extension) | Site sees window.ethereum and requests accounts | Desktop users who want fast interactions | Easier to click-approve unwanted txs if not careful |
| Mobile dApp browser | Wallet opens website with injected provider | Phone-first users who use many dApps | Phishing via in-browser redirects is possible |
| WalletConnect | QR or deep link session between site and mobile wallet | Desktop site + mobile wallet pairing | Session persists until revoked; check connected sites |
| Hardware wallet (via extension) | External signer authorizes transactions | Users who combine convenience & security | Extra steps to sign each tx (safer, slower) |
If you’re a developer trying to connect MetaMask to my website, use the EIP-1193 provider methods. Example (minimal):
// quick example
if (window.ethereum && window.ethereum.isMetaMask) {
const accounts = await window.ethereum.request({ method: 'eth_requestAccounts' });
console.log('Connected', accounts[0]);
}
Also handle chain changes and account changes (listen to 'chainChanged' and 'accountsChanged'). If your site depends on a specific chain, detect it and prompt the user to switch (see connect-to-networks and add-custom-network). For libraries, check connect-web3-react and metamask-api-connect.
If a connection button is unresponsive, see connect-button-troubleshoot and troubleshoot-dapp-connections.
I once approved a malicious contract because I skipped checking the transaction calldata. Don’t repeat my mistake.
Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for daily DeFi activity. They are not as secure as cold storage. Keep only what you need for day-to-day use in a software wallet and store long-term funds offline.
Q: How do I revoke token approvals? A: Use the wallet’s Connected Sites page to disconnect, and a permission-revoker tool or the protocol UI to revoke token approvals. See token-approvals-revoke for step-by-step guidance.
Q: What happens if I lose my phone? A: If you have your seed phrase (recovery phrase) backed up, you can restore your wallet on a new device. If not, funds tied to that private key are unrecoverable. See backup & recovery for options. And if you didn’t back up, that’s a hard lesson — I learned that early on.
Q: Why won’t the dApp see my wallet on desktop? A: Common causes are blocked extensions, popup blockers, or sites that require HTTPS. Try a refresh, disable blockers, or test in a fresh browser profile.
Connecting MetaMask to dApps is straightforward once you understand the three main flows: injected provider, mobile dApp browser, and WalletConnect. Each has trade-offs between convenience and security. When you first connect, double-check the site, the requested permissions, and the network.
Want to get started? If you don’t have the extension or mobile app yet, see install extension and install mobile app. Need to create or restore a wallet first? See create or restore wallet. For security best practices, visit security best practices.
If you have a specific connection error, check troubleshoot dApp connections or ask on the developer guides at developer connect.
Ready to connect a dApp? Start small. Approve one read-only permission, test a tiny transaction, and then expand your activity as you gain confidence.