If your site is being flagged as malicious when connecting Slush, it means a browser, wallet extension (like MetaMask), or security service (like Google Safe Browsing) has marked it as unsafe.

This usually happens because your wallet or browser is using a security service (like Google Safe Browsing) that has flagged your domain as potentially malicious or suspicious. Even if it's safe, automated systems can make mistakes, especially with newer or less trafficked domains, or if certain site characteristics trigger their heuristics. To fix this: First, ensure your website has a valid, up-to-date SSL certificate from a trusted authority; an expired or self-signed one often triggers warnings. Second, check your website's code for any embedded scripts, links, or redirects that could be misinterpreted as malicious. Finally, the most effective solution for a false positive is to report it directly to the wallet provider's support team or the security service they use (e.g., Google Safe Browsing), explaining that your site is legitimate. They have processes to review and delist domains.

If your website is showing a “malicious” warning when you try to connect the wallet and you own the site, here’s how you can fix it so your wallet integration works properly.

You should first check that your site is secure and following best-practices. For example:

Make sure you’ve got a valid SSL certificate installed and your site loads under HTTPS (not HTTP) so browsers don’t flag insecure connections.

Check whether any part of your site (scripts, iframes, links) is loading from suspicious or insecure sources, or if you have code that looks like phishing or malware.

If you are using a wallet-connect or dApp integration (e.g., “Connect Wallet” pop-up), ensure you are using the correct and recommended APIs for the wallet provider (so that the wallet doesn’t flag your site as suspicious).

Once you have confirmed the above, you can submit a review to the browser/flagging service (often via Google Safe Browsing or whichever system your users’ browser uses) to have the warning removed. Here’s a typical process:

Use a website-security diagnostic (for example via Google Search Console) to check for malware or phishing flags.

Clean up any flagged content – remove malware code, insecure links, outdated plugins, or anything that may trigger a suspicious-site label.

When you’re confident the site is safe, request a review or removal of the flag via the Safe Browsing or search-console interface.

Transaction block

If you already asked users to connect their wallet and you want to ensure safe transactions:

Verify that the site requesting the wallet connection is exactly the one you own (check domain and certificate)

Ensure your wallet integration uses minimal permissions and the official wallet SDK/API

Ask users to check for any warning in their wallet extension (e.g., “This dApp could be malicious”) and contact the wallet provider if you believe the warning is incorrect.