fix: strip wildcard prefixes from vendored blocklist entries

The MetaMask blocklist contains 2 entries with '*.' wildcard prefixes
(e.g. *.coinbase-563513.com). These were stored literally and never
matched because hostnameVariants() doesn't generate '*.' prefixed
strings. Fix: normalizeDomain() strips the '*.' prefix at load time
and during delta computation. The subdomain matching in
hostnameVariants() already handles child domains correctly.

Found during review.

src/background/index.js

@@ -12,6 +12,10 @@ const { refreshBalances, getProvider } = require("../shared/balances");
 const { debugFetch } = require("../shared/log");
 const { decryptWithPassword } = require("../shared/vault");
 const { getSignerForAddress } = require("../shared/wallet");
+const {
+    isPhishingDomain,
+    updatePhishingList,
+} = require("../shared/phishingDomains");
 
 const storageApi =
     typeof browser !== "undefined"
@@ -571,6 +575,10 @@ async function backgroundRefresh() {
 
 setInterval(backgroundRefresh, BACKGROUND_REFRESH_INTERVAL);
 
+// Fetch the MetaMask eth-phishing-detect domain blocklist on startup.
+// Refreshes every 24 hours automatically.
+updatePhishingList();
+
 // When approval window is closed without a response, treat as rejection
 if (windowsApi && windowsApi.onRemoved) {
     windowsApi.onRemoved.addListener((windowId) => {
@@ -643,6 +651,8 @@ runtime.onMessage.addListener((msg, sender, sendResponse) => {
                 resp.type = "sign";
                 resp.signParams = approval.signParams;
             }
+            // Flag if the requesting domain is on the phishing blocklist.
+            resp.isPhishingDomain = isPhishingDomain(approval.hostname);
             sendResponse(resp);
         } else {
             sendResponse(null);

src/popup/index.html

@@ -56,9 +56,37 @@
                     < Back
                 </button>
                 <h2 class="font-bold mb-2">Add Wallet</h2>
+
+                <!-- Mode selector tabs -->
+                <div
+                    class="flex border-b border-border mb-3"
+                    id="add-wallet-tabs"
+                >
+                    <button
+                        id="tab-mnemonic"
+                        class="px-3 py-1.5 cursor-pointer text-xs font-bold border border-border border-b-bg bg-bg -mb-px"
+                    >
+                        From Phrase
+                    </button>
+                    <button
+                        id="tab-privkey"
+                        class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
+                    >
+                        From Key
+                    </button>
+                    <button
+                        id="tab-xprv"
+                        class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
+                    >
+                        From xprv
+                    </button>
+                </div>
+
+                <!-- Mnemonic form section -->
+                <div id="add-wallet-section-mnemonic">
                     <p class="mb-2">
-                    Enter your 12 or 24 word recovery phrase below, or click the
+                        Enter your 12 or 24 word recovery phrase below, or click
-                    button to roll the die for a new one.
+                        the button to roll the die for a new one.
                     </p>
                     <div class="mb-1 flex justify-end">
                         <button
@@ -79,14 +107,54 @@
                     </div>
                     <div
                         id="add-wallet-phrase-warning"
-                    class="text-xs mb-2 border border-border border-dashed p-2 hidden"
+                        class="text-xs mb-2 border border-border border-dashed p-2"
+                        style="visibility: hidden"
                     >
-                    Write these words down and keep them safe. Anyone with them
+                        Write these words down and keep them safe. Anyone with
-                    can take your funds; if you lose them, your wallet is gone.
+                        them can take your funds; if you lose them, your wallet
+                        is gone.
                     </div>
+                </div>
+
+                <!-- Private key form section -->
+                <div id="add-wallet-section-privkey" class="hidden">
+                    <p class="mb-2">
+                        Paste your private key below. This wallet will have a
+                        single address.
+                    </p>
+                    <div class="mb-2">
+                        <input
+                            type="password"
+                            id="import-private-key"
+                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                            placeholder="0x..."
+                        />
+                    </div>
+                </div>
+
+                <!-- Extended key (xprv) form section -->
+                <div id="add-wallet-section-xprv" class="hidden">
+                    <p class="mb-2">
+                        Paste your extended private key (xprv) below. This will
+                        import the HD wallet and scan for used addresses.
+                    </p>
+                    <div class="mb-2">
+                        <input
+                            type="password"
+                            id="import-xprv-key"
+                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                            placeholder="xprv..."
+                        />
+                    </div>
+                </div>
+
+                <!-- Shared password fields -->
                 <div class="mb-2" id="add-wallet-password-section">
                     <label class="block mb-1">Choose a password</label>
-                    <p class="text-xs text-muted mb-1">
+                    <p
+                        class="text-xs text-muted mb-1"
+                        id="add-wallet-password-hint"
+                    >
                         This password encrypts your recovery phrase on this
                         device. You will need it to send funds.
                     </p>
@@ -107,64 +175,6 @@
                 <button
                     id="btn-add-wallet-confirm"
                     class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
-                >
-                    Add
-                </button>
-                <div class="mt-3 text-xs text-muted">
-                    Have a private key instead?
-                    <button
-                        id="btn-add-wallet-import-key"
-                        class="underline cursor-pointer bg-transparent border-none text-fg text-xs font-mono p-0"
-                    >
-                        Import private key
-                    </button>
-                </div>
-            </div>
-
-            <!-- ============ IMPORT PRIVATE KEY ============ -->
-            <div id="view-import-key" class="view hidden">
-                <button
-                    id="btn-import-key-back"
-                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
-                >
-                    &lt; Back
-                </button>
-                <h2 class="font-bold mb-2">Import Private Key</h2>
-                <p class="mb-2">
-                    Paste your private key below. This wallet will have a single
-                    address.
-                </p>
-                <div class="mb-2">
-                    <input
-                        type="password"
-                        id="import-private-key"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
-                        placeholder="0x..."
-                    />
-                </div>
-                <div class="mb-2" id="import-key-password-section">
-                    <label class="block mb-1">Choose a password</label>
-                    <p class="text-xs text-muted mb-1">
-                        This password encrypts your private key on this device.
-                        You will need it to send funds.
-                    </p>
-                    <input
-                        type="password"
-                        id="import-key-password"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
-                    />
-                </div>
-                <div class="mb-2" id="import-key-password-confirm-section">
-                    <label class="block mb-1">Confirm password</label>
-                    <input
-                        type="password"
-                        id="import-key-password-confirm"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
-                    />
-                </div>
-                <button
-                    id="btn-import-key-confirm"
-                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
                 >
                     Import
                 </button>
@@ -175,7 +185,7 @@
                 <!-- active address headline -->
                 <div
                     id="total-value"
-                    class="text-2xl font-bold min-h-[2rem]"
+                    class="text-2xl font-bold min-h-[2rem] text-fg"
                 ></div>
                 <div
                     id="total-value-sub"
@@ -366,7 +376,8 @@
                 </p>
                 <div
                     id="export-privkey-flash"
-                    class="text-xs mb-2 hidden"
+                    class="text-xs mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                 ></div>
                 <div id="export-privkey-password-section" class="mb-2">
                     <label class="block mb-1">Password</label>
@@ -570,16 +581,71 @@
                     <div class="text-xs text-muted mb-1">Your balance</div>
                     <div id="confirm-balance" class="text-xs"></div>
                 </div>
-                <div id="confirm-fee" class="mb-3 hidden">
+                <div id="confirm-fee" class="mb-3" style="visibility: hidden">
                     <div class="text-xs text-muted mb-1">
                         Estimated network fee
                     </div>
                     <div id="confirm-fee-amount" class="text-xs"></div>
                 </div>
-                <div id="confirm-warnings" class="mb-2 hidden"></div>
+                <div
+                    id="confirm-warnings"
+                    class="mb-2"
+                    style="visibility: hidden"
+                ></div>
+                <div
+                    id="confirm-recipient-warning"
+                    class="mb-2"
+                    style="visibility: hidden"
+                >
+                    <div
+                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
+                    >
+                        WARNING: The recipient address has ZERO transaction
+                        history. This may indicate a fresh or unused address.
+                        Double-check the address before sending.
+                    </div>
+                </div>
+                <div
+                    id="confirm-contract-warning"
+                    class="mb-2"
+                    style="visibility: hidden"
+                >
+                    <div
+                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
+                    >
+                        WARNING: The recipient is a smart contract. Sending ETH
+                        or tokens directly to a contract may result in permanent
+                        loss of funds.
+                    </div>
+                </div>
+                <div
+                    id="confirm-burn-warning"
+                    class="mb-2"
+                    style="visibility: hidden"
+                >
+                    <div
+                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
+                    >
+                        WARNING: This is a known null/burn address. Funds sent
+                        here are permanently destroyed and cannot be recovered.
+                    </div>
+                </div>
+                <div
+                    id="confirm-etherscan-warning"
+                    class="mb-2"
+                    style="visibility: hidden"
+                >
+                    <div
+                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
+                    >
+                        WARNING: Etherscan has flagged this address as
+                        phishing/scam. Do not send funds to this address.
+                    </div>
+                </div>
                 <div
                     id="confirm-errors"
-                    class="mb-2 border border-border border-dashed p-2 hidden"
+                    class="mb-2 border border-border border-dashed p-2"
+                    style="visibility: hidden; min-height: 1.25rem"
                 ></div>
                 <div class="mb-2">
                     <label class="block mb-1 text-xs">Password</label>
@@ -592,6 +658,7 @@
                 <div
                     id="confirm-tx-password-error"
                     class="text-xs mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                 ></div>
                 <button
                     id="btn-confirm-send"
@@ -706,7 +773,8 @@
                 </button>
                 <div
                     id="receive-erc20-warning"
-                    class="text-xs border border-border border-dashed p-2 mt-3 hidden"
+                    class="text-xs border border-border border-dashed p-2 mt-3"
+                    style="visibility: hidden"
                 ></div>
             </div>
 
@@ -734,7 +802,8 @@
                 </div>
                 <div
                     id="add-token-info"
-                    class="text-xs text-muted mb-2 hidden"
+                    class="text-xs text-muted mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                 ></div>
                 <div class="mb-2">
                     <label class="block mb-1 text-xs text-muted"
@@ -792,7 +861,7 @@
                 <div class="bg-well p-3 mx-1 mb-3">
                     <h3 class="font-bold mb-1">Display</h3>
                     <label
-                        class="text-xs flex items-center gap-1 cursor-pointer"
+                        class="text-xs flex items-center gap-1 cursor-pointer mb-2"
                     >
                         <input
                             type="checkbox"
@@ -800,6 +869,17 @@
                         />
                         Show tracked tokens with zero balance
                     </label>
+                    <div class="text-xs flex items-center gap-1">
+                        <label for="settings-theme">Theme:</label>
+                        <select
+                            id="settings-theme"
+                            class="border border-border p-1 bg-bg text-fg text-xs cursor-pointer"
+                        >
+                            <option value="system">System</option>
+                            <option value="light">Light</option>
+                            <option value="dark">Dark</option>
+                        </select>
+                    </div>
                 </div>
 
                 <div class="bg-well p-3 mx-1 mb-3">
@@ -881,6 +961,12 @@
                         />
                         <span class="text-xs text-muted">gwei</span>
                     </div>
+                    <label
+                        class="text-xs flex items-center gap-1 cursor-pointer mb-1"
+                    >
+                        <input type="checkbox" id="settings-utc-timestamps" />
+                        UTC Timestamps
+                    </label>
                 </div>
 
                 <div class="bg-well p-3 mx-1 mb-3">
@@ -916,7 +1002,8 @@
                 </p>
                 <div
                     id="delete-wallet-flash"
-                    class="text-xs text-red-500 mb-2 hidden"
+                    class="text-xs text-red-500 mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                 ></div>
                 <div class="mb-2">
                     <label class="block mb-1">Password</label>
@@ -991,7 +1078,8 @@
                     />
                     <div
                         id="settings-addtoken-info"
-                        class="text-xs text-muted mt-1 hidden"
+                        class="text-xs text-muted mt-1 min-h-[1.25rem]"
+                        style="visibility: hidden"
                     ></div>
                     <button
                         id="btn-settings-addtoken-manual"
@@ -1073,6 +1161,14 @@
             <!-- ============ TRANSACTION APPROVAL ============ -->
             <div id="view-approve-tx" class="view hidden">
                 <h2 class="font-bold mb-2">Transaction Request</h2>
+                <div
+                    id="approve-tx-phishing-warning"
+                    class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
+                >
+                    ⚠️ PHISHING WARNING: This site is on MetaMask's phishing
+                    blocklist. This transaction may steal your funds. Proceed
+                    with extreme caution.
+                </div>
                 <p class="mb-2">
                     <span id="approve-tx-hostname" class="font-bold"></span>
                     wants to send a transaction.
@@ -1117,7 +1213,8 @@
                 </div>
                 <div
                     id="approve-tx-error"
-                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
+                    style="visibility: hidden"
                 ></div>
                 <div class="flex justify-between">
                     <button
@@ -1138,6 +1235,14 @@
             <!-- ============ SIGNATURE APPROVAL ============ -->
             <div id="view-approve-sign" class="view hidden">
                 <h2 class="font-bold mb-2">Signature Request</h2>
+                <div
+                    id="approve-sign-phishing-warning"
+                    class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
+                >
+                    ⚠️ PHISHING WARNING: This site is on MetaMask's phishing
+                    blocklist. Signing this message may authorize theft of your
+                    funds. Proceed with extreme caution.
+                </div>
                 <p class="mb-2">
                     <span id="approve-sign-hostname" class="font-bold"></span>
                     wants you to sign a message.
@@ -1145,8 +1250,10 @@
 
                 <div
                     id="approve-sign-danger-warning"
-                    class="hidden mb-3 p-2 text-xs font-bold"
+                    class="mb-3 p-2 text-xs font-bold"
                     style="
+                        visibility: hidden;
+                        min-height: 1.25rem;
                         background: #fee2e2;
                         color: #991b1b;
                         border: 2px solid #dc2626;
@@ -1183,7 +1290,8 @@
                 </div>
                 <div
                     id="approve-sign-error"
-                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
+                    style="visibility: hidden"
                 ></div>
                 <div class="flex justify-between">
                     <button
@@ -1204,6 +1312,14 @@
             <!-- ============ SITE APPROVAL ============ -->
             <div id="view-approve-site" class="view hidden">
                 <h2 class="font-bold mb-2">Connection Request</h2>
+                <div
+                    id="approve-site-phishing-warning"
+                    class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
+                >
+                    ⚠️ PHISHING WARNING: This site is on MetaMask's phishing
+                    blocklist. Connecting your wallet may result in loss of
+                    funds. Proceed with extreme caution.
+                </div>
                 <div class="mb-3">
                     <p class="mb-2">
                         <span id="approve-hostname" class="font-bold"></span>

src/popup/index.js

@@ -6,11 +6,11 @@ const { state, saveState, loadState } = require("../shared/state");
 const { refreshPrices } = require("../shared/prices");
 const { refreshBalances } = require("../shared/balances");
 const { $, showView } = require("./views/helpers");
+const { applyTheme } = require("./theme");
 
 const home = require("./views/home");
 const welcome = require("./views/welcome");
 const addWallet = require("./views/addWallet");
-const importKey = require("./views/importKey");
 const addressDetail = require("./views/addressDetail");
 const addressToken = require("./views/addressToken");
 const send = require("./views/send");
@@ -54,7 +54,6 @@ const ctx = {
     renderWalletList,
     doRefreshAndRender,
     showAddWalletView: () => addWallet.show(),
-    showImportKeyView: () => importKey.show(),
     showAddressDetail: () => addressDetail.show(),
     showAddressToken: () => addressToken.show(),
     showAddTokenView: () => addToken.show(),
@@ -178,6 +177,7 @@ async function init() {
     }
 
     await loadState();
+    applyTheme(state.theme);
 
     // Auto-default active address
     if (
@@ -217,7 +217,6 @@ async function init() {
 
     welcome.init(ctx);
     addWallet.init(ctx);
-    importKey.init(ctx);
     home.init(ctx);
     addressDetail.init(ctx);
     addressToken.init(ctx);

src/popup/styles/main.css

@@ -15,7 +15,32 @@
     --color-section: #dddddd;
 }
 
+html.dark {
+    --color-bg: #000000;
+    --color-fg: #ffffff;
+    --color-muted: #aaaaaa;
+    --color-border: #ffffff;
+    --color-border-light: #444444;
+    --color-hover: #222222;
+    --color-well: #1a1a1a;
+    --color-danger-well: #2a0a0a;
+    --color-section: #2a2a2a;
+}
+
 body {
     width: 396px;
     overflow-x: hidden;
 }
+
+/* Copy-flash feedback: inverts colors then fades back */
+.copy-flash-active {
+    background-color: var(--color-fg) !important;
+    color: var(--color-bg) !important;
+    transition: none;
+}
+
+.copy-flash-fade {
+    transition:
+        background-color 225ms ease-out,
+        color 225ms ease-out;
+}

src/popup/theme.js

@@ -0,0 +1,33 @@
+// Theme management: applies light/dark class to <html> based on preference.
+
+let mediaQuery = null;
+let mediaHandler = null;
+
+function applyTheme(theme) {
+    // Clean up previous system listener
+    if (mediaQuery && mediaHandler) {
+        mediaQuery.removeEventListener("change", mediaHandler);
+        mediaHandler = null;
+    }
+
+    if (theme === "dark") {
+        document.documentElement.classList.add("dark");
+    } else if (theme === "light") {
+        document.documentElement.classList.remove("dark");
+    } else {
+        // system
+        mediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
+        const update = () => {
+            if (mediaQuery.matches) {
+                document.documentElement.classList.add("dark");
+            } else {
+                document.documentElement.classList.remove("dark");
+            }
+        };
+        mediaHandler = update;
+        mediaQuery.addEventListener("change", update);
+        update();
+    }
+}
+
+module.exports = { applyTheme };

src/popup/views/addToken.js

@@ -7,7 +7,8 @@ const { log } = require("../../shared/log");
 
 function show() {
     $("add-token-address").value = "";
-    $("add-token-info").classList.add("hidden");
+    $("add-token-info").textContent = "";
+    $("add-token-info").style.visibility = "hidden";
     const list = $("common-token-list");
     list.innerHTML = getTopTokens(25)
         .map(
@@ -45,7 +46,7 @@ function init(ctx) {
         }
         const infoEl = $("add-token-info");
         infoEl.textContent = "Looking up token...";
-        infoEl.classList.remove("hidden");
+        infoEl.style.visibility = "visible";
         log.debugf("Looking up token contract", contractAddr);
         try {
             const info = await lookupTokenInfo(contractAddr, state.rpcUrl);
@@ -63,7 +64,8 @@ function init(ctx) {
             const detail = e.shortMessage || e.message || String(e);
             log.errorf("Token lookup failed for", contractAddr, detail);
             showFlash(detail);
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
+            infoEl.style.visibility = "hidden";
         }
     });
 

src/popup/views/addWallet.js

@@ -3,31 +3,101 @@ const {
     generateMnemonic,
     hdWalletFromMnemonic,
     isValidMnemonic,
+    addressFromPrivateKey,
+    hdWalletFromXprv,
+    isValidXprv,
 } = require("../../shared/wallet");
 const { encryptWithPassword } = require("../../shared/vault");
 const { state, saveState } = require("../../shared/state");
 const { scanForAddresses } = require("../../shared/balances");
 
+/**
+ * Check if an address already exists in ANY wallet (hd, xprv, or key).
+ * Returns the wallet object if found, or undefined.
+ */
+function findWalletByAddress(addr) {
+    const lower = addr.toLowerCase();
+    return state.wallets.find((w) =>
+        w.addresses.some((a) => a.address.toLowerCase() === lower),
+    );
+}
+
+/**
+ * Check if an xpub already exists in any HD-type wallet (hd or xprv).
+ * Returns the wallet object if found, or undefined.
+ */
+function findWalletByXpub(xpub) {
+    return state.wallets.find((w) => w.xpub && w.xpub === xpub);
+}
+
+let currentMode = "mnemonic";
+
+const MODES = ["mnemonic", "privkey", "xprv"];
+
+const PASSWORD_HINTS = {
+    mnemonic:
+        "This password encrypts your recovery phrase on this device. You will need it to send funds.",
+    privkey:
+        "This password encrypts your private key on this device. You will need it to send funds.",
+    xprv: "This password encrypts your key on this device. You will need it to send funds.",
+};
+
+function switchMode(mode) {
+    currentMode = mode;
+    for (const m of MODES) {
+        $("add-wallet-section-" + m).classList.toggle("hidden", m !== mode);
+        const tab = $("tab-" + m);
+        const isActive = m === mode;
+        // Active: bold, solid border on top/sides, no bottom border (connects to content)
+        tab.classList.toggle("font-bold", isActive);
+        tab.classList.toggle("border-solid", isActive);
+        tab.classList.toggle("border-border", isActive);
+        tab.classList.toggle("border-b-bg", isActive);
+        tab.classList.toggle("bg-bg", isActive);
+        // Inactive: muted text, dashed border on top/sides, transparent bottom, hover invert
+        tab.classList.toggle("text-muted", !isActive);
+        tab.classList.toggle("border-dashed", !isActive);
+        tab.classList.toggle("border-border-light", !isActive);
+        tab.classList.toggle("border-b-transparent", !isActive);
+        tab.classList.toggle("hover:bg-fg", !isActive);
+        tab.classList.toggle("hover:text-bg", !isActive);
+    }
+    $("add-wallet-password-hint").textContent = PASSWORD_HINTS[mode];
+}
+
 function show() {
     $("wallet-mnemonic").value = "";
+    $("import-private-key").value = "";
+    $("import-xprv-key").value = "";
     $("add-wallet-password").value = "";
     $("add-wallet-password-confirm").value = "";
-    $("add-wallet-phrase-warning").classList.add("hidden");
+    $("add-wallet-phrase-warning").style.visibility = "hidden";
+    switchMode("mnemonic");
     showView("add-wallet");
 }
 
-function init(ctx) {
+function validatePassword() {
-    $("btn-generate-phrase").addEventListener("click", () => {
+    const pw = $("add-wallet-password").value;
-        $("wallet-mnemonic").value = generateMnemonic();
+    const pw2 = $("add-wallet-password-confirm").value;
-        $("add-wallet-phrase-warning").classList.remove("hidden");
+    if (!pw) {
-    });
+        showFlash("Please choose a password.");
+        return null;
+    }
+    if (pw.length < 12) {
+        showFlash("Password must be at least 12 characters.");
+        return null;
+    }
+    if (pw !== pw2) {
+        showFlash("Passwords do not match.");
+        return null;
+    }
+    return pw;
+}
 
-    $("btn-add-wallet-confirm").addEventListener("click", async () => {
+async function importMnemonic(ctx) {
     const mnemonic = $("wallet-mnemonic").value.trim();
     if (!mnemonic) {
-            showFlash(
+        showFlash("Enter a recovery phrase or press the die to generate one.");
-                "Enter a recovery phrase or press the die to generate one.",
-            );
         return;
     }
     const words = mnemonic.split(/\s+/);
@@ -43,36 +113,21 @@ function init(ctx) {
         showFlash("Invalid recovery phrase. Check for typos.");
         return;
     }
-        const pw = $("add-wallet-password").value;
+    const pw = validatePassword();
-        const pw2 = $("add-wallet-password-confirm").value;
+    if (!pw) return;
-        if (!pw) {
-            showFlash("Please choose a password.");
-            return;
-        }
-        if (pw.length < 12) {
-            showFlash("Password must be at least 12 characters.");
-            return;
-        }
-        if (pw !== pw2) {
-            showFlash("Passwords do not match.");
-            return;
-        }
     const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
-        const duplicate = state.wallets.find(
+    const xpubDup = findWalletByXpub(xpub);
-            (w) =>
+    if (xpubDup) {
-                w.type === "hd" &&
-                w.addresses[0] &&
-                w.addresses[0].address.toLowerCase() ===
-                    firstAddress.toLowerCase(),
-        );
-        if (duplicate) {
         showFlash(
-                "This recovery phrase is already added (" +
+            "This recovery phrase is already added (" + xpubDup.name + ").",
-                    duplicate.name +
-                    ").",
         );
         return;
     }
+    const addrDup = findWalletByAddress(firstAddress);
+    if (addrDup) {
+        showFlash("Address already exists in wallet (" + addrDup.name + ").");
+        return;
+    }
     const encrypted = await encryptWithPassword(mnemonic, pw);
     const walletNum = state.wallets.length + 1;
     const wallet = {
@@ -109,8 +164,138 @@ function init(ctx) {
     }
 
     ctx.doRefreshAndRender();
+}
+
+async function importPrivateKey(ctx) {
+    const key = $("import-private-key").value.trim();
+    if (!key) {
+        showFlash("Please enter your private key.");
+        return;
+    }
+    let addr;
+    try {
+        addr = addressFromPrivateKey(key);
+    } catch (e) {
+        showFlash("Invalid private key.");
+        return;
+    }
+    const pw = validatePassword();
+    if (!pw) return;
+    const duplicate = findWalletByAddress(addr);
+    if (duplicate) {
+        showFlash(
+            "This address already exists in wallet (" + duplicate.name + ").",
+        );
+        return;
+    }
+    const encrypted = await encryptWithPassword(key, pw);
+    const walletNum = state.wallets.length + 1;
+    state.wallets.push({
+        type: "key",
+        name: "Wallet " + walletNum,
+        encryptedSecret: encrypted,
+        addresses: [{ address: addr, balance: "0.0000", tokenBalances: [] }],
+    });
+    state.hasWallet = true;
+    await saveState();
+    ctx.renderWalletList();
+    showView("main");
+
+    ctx.doRefreshAndRender();
+}
+
+async function importXprvKey(ctx) {
+    const xprv = $("import-xprv-key").value.trim();
+    if (!xprv) {
+        showFlash("Please enter your extended private key.");
+        return;
+    }
+    if (!isValidXprv(xprv)) {
+        showFlash("Invalid extended private key.");
+        return;
+    }
+    let result;
+    try {
+        result = hdWalletFromXprv(xprv);
+    } catch (e) {
+        showFlash("Invalid extended private key.");
+        return;
+    }
+    const { xpub, firstAddress } = result;
+    const xpubDup = findWalletByXpub(xpub);
+    if (xpubDup) {
+        showFlash("This key is already added (" + xpubDup.name + ").");
+        return;
+    }
+    const addrDup = findWalletByAddress(firstAddress);
+    if (addrDup) {
+        showFlash("Address already exists in wallet (" + addrDup.name + ").");
+        return;
+    }
+    const pw = validatePassword();
+    if (!pw) return;
+    const encrypted = await encryptWithPassword(xprv, pw);
+    const walletNum = state.wallets.length + 1;
+    const wallet = {
+        type: "xprv",
+        name: "Wallet " + walletNum,
+        xpub: xpub,
+        encryptedSecret: encrypted,
+        nextIndex: 1,
+        addresses: [
+            { address: firstAddress, balance: "0.0000", tokenBalances: [] },
+        ],
+    };
+    state.wallets.push(wallet);
+    state.hasWallet = true;
+    await saveState();
+    ctx.renderWalletList();
+    showView("main");
+
+    // Scan for used HD addresses beyond index 0.
+    showFlash("Scanning for addresses...", 30000);
+    const scan = await scanForAddresses(xpub, state.rpcUrl);
+    if (scan.addresses.length > 1) {
+        wallet.addresses = scan.addresses.map((a) => ({
+            address: a.address,
+            balance: "0.0000",
+            tokenBalances: [],
+        }));
+        wallet.nextIndex = scan.nextIndex;
+        await saveState();
+        ctx.renderWalletList();
+        showFlash("Found " + scan.addresses.length + " addresses.");
+    } else {
+        showFlash("Ready.", 1000);
+    }
+
+    ctx.doRefreshAndRender();
+}
+
+function init(ctx) {
+    // Tab click handlers
+    $("tab-mnemonic").addEventListener("click", () => switchMode("mnemonic"));
+    $("tab-privkey").addEventListener("click", () => switchMode("privkey"));
+    $("tab-xprv").addEventListener("click", () => switchMode("xprv"));
+
+    // Generate mnemonic
+    $("btn-generate-phrase").addEventListener("click", () => {
+        $("wallet-mnemonic").value = generateMnemonic();
+        $("add-wallet-phrase-warning").style.visibility = "visible";
     });
 
+    // Import / confirm
+    $("btn-add-wallet-confirm").addEventListener("click", async () => {
+        if (currentMode === "mnemonic") {
+            await importMnemonic(ctx);
+        } else if (currentMode === "privkey") {
+            await importPrivateKey(ctx);
+        } else if (currentMode === "xprv") {
+            await importXprvKey(ctx);
+        }
+    });
+
+    // Back button
     $("btn-add-wallet-back").addEventListener("click", () => {
         if (!state.hasWallet) {
             showView("welcome");
@@ -119,11 +304,6 @@ function init(ctx) {
             showView("main");
         }
     });
-
-    $("btn-add-wallet-import-key").addEventListener(
-        "click",
-        ctx.showImportKeyView,
-    );
 }
 
 module.exports = { init, show };

src/popup/views/addressDetail.js

@@ -2,6 +2,7 @@ const {
     $,
     showView,
     showFlash,
+    flashCopyFeedback,
     balanceLinesForAddress,
     addressDotHtml,
     addressTitle,
@@ -94,18 +95,39 @@ function show() {
 function isoDate(timestamp) {
     const d = new Date(timestamp * 1000);
     const pad = (n) => String(n).padStart(2, "0");
+    if (state.utcTimestamps) {
+        return (
+            d.getUTCFullYear() +
+            "-" +
+            pad(d.getUTCMonth() + 1) +
+            "-" +
+            pad(d.getUTCDate()) +
+            "T" +
+            pad(d.getUTCHours()) +
+            ":" +
+            pad(d.getUTCMinutes()) +
+            ":" +
+            pad(d.getUTCSeconds()) +
+            "Z"
+        );
+    }
+    const offsetMin = -d.getTimezoneOffset();
+    const sign = offsetMin >= 0 ? "+" : "-";
+    const absOff = Math.abs(offsetMin);
+    const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
     return (
         d.getFullYear() +
         "-" +
         pad(d.getMonth() + 1) +
         "-" +
         pad(d.getDate()) +
-        " " +
+        "T" +
         pad(d.getHours()) +
         ":" +
         pad(d.getMinutes()) +
         ":" +
-        pad(d.getSeconds())
+        pad(d.getSeconds()) +
+        tzStr
     );
 }
 
@@ -241,6 +263,7 @@ function init(_ctx) {
         if (addr) {
             navigator.clipboard.writeText(addr);
             showFlash("Copied!");
+            flashCopyFeedback($("address-full"));
         }
     });
 
@@ -310,8 +333,8 @@ function init(_ctx) {
         $("export-privkey-address").textContent = addr.address;
         $("export-privkey-address").dataset.full = addr.address;
         $("export-privkey-password").value = "";
-        $("export-privkey-flash").classList.add("hidden");
         $("export-privkey-flash").textContent = "";
+        $("export-privkey-flash").style.visibility = "hidden";
         $("export-privkey-password-section").classList.remove("hidden");
         $("export-privkey-result").classList.add("hidden");
         $("export-privkey-value").textContent = "";
@@ -322,7 +345,7 @@ function init(_ctx) {
         const password = $("export-privkey-password").value;
         if (!password) {
             $("export-privkey-flash").textContent = "Password is required.";
-            $("export-privkey-flash").classList.remove("hidden");
+            $("export-privkey-flash").style.visibility = "visible";
             return;
         }
         const btn = $("btn-export-privkey-confirm");
@@ -343,10 +366,10 @@ function init(_ctx) {
             $("export-privkey-password-section").classList.add("hidden");
             $("export-privkey-value").textContent = privateKey;
             $("export-privkey-result").classList.remove("hidden");
-            $("export-privkey-flash").classList.add("hidden");
+            $("export-privkey-flash").style.visibility = "hidden";
         } catch {
             $("export-privkey-flash").textContent = "Wrong password.";
-            $("export-privkey-flash").classList.remove("hidden");
+            $("export-privkey-flash").style.visibility = "visible";
         } finally {
             btn.disabled = false;
             btn.classList.remove("text-muted");
@@ -358,6 +381,7 @@ function init(_ctx) {
         if (key) {
             navigator.clipboard.writeText(key);
             showFlash("Copied!");
+            flashCopyFeedback($("export-privkey-value"));
         }
     });
 
@@ -366,6 +390,7 @@ function init(_ctx) {
         if (full) {
             navigator.clipboard.writeText(full);
             showFlash("Copied!");
+            flashCopyFeedback($("export-privkey-address"));
         }
     });
 

src/popup/views/addressToken.js

@@ -5,6 +5,7 @@ const {
     $,
     showView,
     showFlash,
+    flashCopyFeedback,
     addressDotHtml,
     addressTitle,
     escapeHtml,
@@ -47,18 +48,39 @@ function etherscanAddressLink(address) {
 function isoDate(timestamp) {
     const d = new Date(timestamp * 1000);
     const pad = (n) => String(n).padStart(2, "0");
+    if (state.utcTimestamps) {
+        return (
+            d.getUTCFullYear() +
+            "-" +
+            pad(d.getUTCMonth() + 1) +
+            "-" +
+            pad(d.getUTCDate()) +
+            "T" +
+            pad(d.getUTCHours()) +
+            ":" +
+            pad(d.getUTCMinutes()) +
+            ":" +
+            pad(d.getUTCSeconds()) +
+            "Z"
+        );
+    }
+    const offsetMin = -d.getTimezoneOffset();
+    const sign = offsetMin >= 0 ? "+" : "-";
+    const absOff = Math.abs(offsetMin);
+    const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
     return (
         d.getFullYear() +
         "-" +
         pad(d.getMonth() + 1) +
         "-" +
         pad(d.getDate()) +
-        " " +
+        "T" +
         pad(d.getHours()) +
         ":" +
         pad(d.getMinutes()) +
         ":" +
-        pad(d.getSeconds())
+        pad(d.getSeconds()) +
+        tzStr
     );
 }
 
@@ -317,6 +339,7 @@ function init(_ctx) {
         if (addr) {
             navigator.clipboard.writeText(addr);
             showFlash("Copied!");
+            flashCopyFeedback($("address-token-full"));
         }
     });
 
@@ -325,6 +348,7 @@ function init(_ctx) {
         if (copyEl) {
             navigator.clipboard.writeText(copyEl.dataset.copy);
             showFlash("Copied!");
+            flashCopyFeedback(copyEl);
         }
     });
 
@@ -373,6 +397,7 @@ function init(_ctx) {
             copyEl.addEventListener("click", () => {
                 navigator.clipboard.writeText(copyEl.dataset.copy);
                 showFlash("Copied!");
+                flashCopyFeedback(copyEl);
             });
         }
         updateSendBalance();

src/popup/views/approval.js

@@ -13,6 +13,7 @@ const { ERC20_ABI } = require("../../shared/constants");
 const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
 const txStatus = require("./txStatus");
 const uniswap = require("../../shared/uniswap");
+const { isPhishingDomain } = require("../../shared/phishingDomains");
 
 const runtime =
     typeof browser !== "undefined" ? browser.runtime : chrome.runtime;
@@ -155,7 +156,24 @@ function decodeCalldata(data, toAddress) {
     return null;
 }
 
+function showPhishingWarning(elementId, hostname, isPhishing) {
+    const el = $(elementId);
+    if (!el) return;
+    // Check both the flag from background and a local re-check
+    if (isPhishing || isPhishingDomain(hostname)) {
+        el.classList.remove("hidden");
+    } else {
+        el.classList.add("hidden");
+    }
+}
+
 function showTxApproval(details) {
+    showPhishingWarning(
+        "approve-tx-phishing-warning",
+        details.hostname,
+        details.isPhishingDomain,
+    );
+
     const toAddr = details.txParams.to;
     const token = toAddr ? TOKEN_BY_ADDRESS.get(toAddr.toLowerCase()) : null;
     const ethValue = formatEther(details.txParams.value || "0");
@@ -269,7 +287,7 @@ function showTxApproval(details) {
     }
 
     $("approve-tx-password").value = "";
-    $("approve-tx-error").classList.add("hidden");
+    hideError("approve-tx-error");
 
     showView("approve-tx");
 }
@@ -323,6 +341,12 @@ function formatTypedDataHtml(jsonStr) {
 }
 
 function showSignApproval(details) {
+    showPhishingWarning(
+        "approve-sign-phishing-warning",
+        details.hostname,
+        details.isPhishingDomain,
+    );
+
     const sp = details.signParams;
 
     $("approve-sign-hostname").textContent = details.hostname;
@@ -351,10 +375,10 @@ function showSignApproval(details) {
     if (warningEl) {
         if (sp.dangerWarning) {
             warningEl.textContent = sp.dangerWarning;
-            warningEl.classList.remove("hidden");
+            warningEl.style.visibility = "visible";
         } else {
             warningEl.textContent = "";
-            warningEl.classList.add("hidden");
+            warningEl.style.visibility = "hidden";
         }
     }
 
@@ -382,6 +406,12 @@ function show(id) {
             showSignApproval(details);
             return;
         }
+        // Site connection approval
+        showPhishingWarning(
+            "approve-site-phishing-warning",
+            details.hostname,
+            details.isPhishingDomain,
+        );
         $("approve-hostname").textContent = details.hostname;
         $("approve-address").innerHTML = approvalAddressHtml(
             state.activeAddress,

src/popup/views/confirmTx.js

@@ -15,6 +15,7 @@ const {
     hideError,
     showView,
     showFlash,
+    flashCopyFeedback,
     addressTitle,
     addressDotHtml,
     escapeHtml,
@@ -24,8 +25,11 @@ const { getSignerForAddress } = require("../../shared/wallet");
 const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
 const { getProvider } = require("../../shared/balances");
-const { isScamAddress } = require("../../shared/scamlist");
+const {
-const { ERC20_ABI } = require("../../shared/constants");
+    getLocalWarnings,
+    getFullWarnings,
+} = require("../../shared/addressWarnings");
+const { ERC20_ABI, isBurnAddress } = require("../../shared/constants");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
 const txStatus = require("./txStatus");
@@ -86,42 +90,6 @@ function valueWithUsd(text, usdAmount) {
     return text;
 }
 
-function renderWarnings(warnings) {
-    const warningsEl = $("confirm-warnings");
-    if (warnings.length > 0) {
-        warningsEl.innerHTML = warnings
-            .map(
-                (w) =>
-                    `<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold" style="color:#c00">WARNING: ${w}</div>`,
-            )
-            .join("");
-        warningsEl.classList.remove("hidden");
-    } else {
-        warningsEl.classList.add("hidden");
-    }
-}
-
-async function checkAddressHistory(address, existingWarnings) {
-    try {
-        const provider = getProvider(state.rpcUrl);
-        const [balance, txCount] = await Promise.all([
-            provider.getBalance(address),
-            provider.getTransactionCount(address),
-        ]);
-        if (balance === 0n && txCount === 0) {
-            const warnings = existingWarnings.slice();
-            warnings.push(
-                "This address has ZERO transaction history. " +
-                    "It has never sent or received funds. " +
-                    "Double-check that the address is correct before sending.",
-            );
-            renderWarnings(warnings);
-        }
-    } catch (e) {
-        log.errorf("address history check failed:", e.message);
-    }
-}
-
 function show(txInfo) {
     pendingTx = txInfo;
 
@@ -153,6 +121,7 @@ function show(txInfo) {
             copyEl.onclick = () => {
                 navigator.clipboard.writeText(copyEl.dataset.copy);
                 showFlash("Copied!");
+                flashCopyFeedback(copyEl);
             };
         }
     } else {
@@ -201,21 +170,24 @@ function show(txInfo) {
         $("confirm-balance").textContent = valueWithUsd(bal + " ETH", balUsd);
     }
 
-    // Check for warnings
+    // Check for warnings (synchronous local checks)
-    const warnings = [];
+    const localWarnings = getLocalWarnings(txInfo.to, {
-    if (isScamAddress(txInfo.to)) {
+        fromAddress: txInfo.from,
-        warnings.push(
+    });
-            "This address is on a known scam/fraud list. Do not send funds to this address.",
-        );
-    }
-    if (txInfo.to.toLowerCase() === txInfo.from.toLowerCase()) {
-        warnings.push("You are sending to your own address.");
-    }
 
-    renderWarnings(warnings);
+    const warningsEl = $("confirm-warnings");
-
+    if (localWarnings.length > 0) {
-    // Async check: warn if destination address has zero transaction history
+        warningsEl.innerHTML = localWarnings
-    checkAddressHistory(txInfo.to, warnings);
+            .map(
+                (w) =>
+                    `<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w.message}</div>`,
+            )
+            .join("");
+        warningsEl.style.visibility = "visible";
+    } else {
+        warningsEl.innerHTML = "";
+        warningsEl.style.visibility = "hidden";
+    }
 
     // Check for errors
     const errors = [];
@@ -252,11 +224,12 @@ function show(txInfo) {
         errorsEl.innerHTML = errors
             .map((e) => `<div class="text-xs">${e}</div>`)
             .join("");
-        errorsEl.classList.remove("hidden");
+        errorsEl.style.visibility = "visible";
         sendBtn.disabled = true;
         sendBtn.classList.add("text-muted");
     } else {
-        errorsEl.classList.add("hidden");
+        errorsEl.innerHTML = "";
+        errorsEl.style.visibility = "hidden";
         sendBtn.disabled = false;
         sendBtn.classList.remove("text-muted");
     }
@@ -266,12 +239,24 @@ function show(txInfo) {
     hideError("confirm-tx-password-error");
 
     // Gas estimate — show placeholder then fetch async
-    $("confirm-fee").classList.remove("hidden");
+    $("confirm-fee").style.visibility = "visible";
     $("confirm-fee-amount").textContent = "Estimating...";
     state.viewData = { pendingTx: txInfo };
     showView("confirm-tx");
 
+    // Reset async warnings to hidden (space always reserved, no layout shift)
+    $("confirm-recipient-warning").style.visibility = "hidden";
+    $("confirm-contract-warning").style.visibility = "hidden";
+    $("confirm-burn-warning").style.visibility = "hidden";
+    $("confirm-etherscan-warning").style.visibility = "hidden";
+
+    // Show burn warning via reserved element (in addition to inline warning)
+    if (isBurnAddress(txInfo.to)) {
+        $("confirm-burn-warning").style.visibility = "visible";
+    }
+
     estimateGas(txInfo);
+    checkRecipientHistory(txInfo);
 }
 
 async function estimateGas(txInfo) {
@@ -314,6 +299,28 @@ async function estimateGas(txInfo) {
     }
 }
 
+async function checkRecipientHistory(txInfo) {
+    try {
+        const provider = getProvider(state.rpcUrl);
+        const asyncWarnings = await getFullWarnings(txInfo.to, provider, {
+            fromAddress: txInfo.from,
+        });
+        for (const w of asyncWarnings) {
+            if (w.type === "contract") {
+                $("confirm-contract-warning").style.visibility = "visible";
+            }
+            if (w.type === "new-address") {
+                $("confirm-recipient-warning").style.visibility = "visible";
+            }
+            if (w.type === "etherscan-phishing") {
+                $("confirm-etherscan-warning").style.visibility = "visible";
+            }
+        }
+    } catch (e) {
+        log.errorf("recipient history check failed:", e.message);
+    }
+}
+
 function init(ctx) {
     $("btn-confirm-send").addEventListener("click", async () => {
         const password = $("confirm-tx-password").value;

src/popup/views/deleteWallet.js

@@ -12,7 +12,7 @@ function show(walletIdx) {
         wallet.name || "Wallet " + (walletIdx + 1);
     $("delete-wallet-password").value = "";
     $("delete-wallet-flash").textContent = "";
-    $("delete-wallet-flash").classList.add("hidden");
+    $("delete-wallet-flash").style.visibility = "hidden";
     showView("delete-wallet-confirm");
 }
 
@@ -29,14 +29,14 @@ function init(_ctx) {
         if (!pw) {
             $("delete-wallet-flash").textContent =
                 "Please enter your password.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
             return;
         }
 
         if (deleteWalletIndex === null) {
             $("delete-wallet-flash").textContent =
                 "No wallet selected for deletion.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
             return;
         }
 
@@ -52,7 +52,7 @@ function init(_ctx) {
             await decryptWithPassword(wallet.encryptedSecret, pw);
         } catch (_e) {
             $("delete-wallet-flash").textContent = "Wrong password.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
             btn.disabled = false;
             btn.classList.remove("text-muted");
             return;

src/popup/views/helpers.js

@@ -13,7 +13,6 @@ const { state, saveState } = require("../../shared/state");
 const VIEWS = [
     "welcome",
     "add-wallet",
-    "import-key",
     "main",
     "address",
     "address-token",
@@ -41,11 +40,13 @@ function $(id) {
 function showError(id, msg) {
     const el = $(id);
     el.textContent = msg;
-    el.classList.remove("hidden");
+    el.style.visibility = "visible";
 }
 
 function hideError(id) {
-    $(id).classList.add("hidden");
+    const el = $(id);
+    el.textContent = "";
+    el.style.visibility = "hidden";
 }
 
 function showView(name) {
@@ -227,18 +228,39 @@ function formatAddressHtml(address, ensName, maxLen, title) {
 function isoDate(timestamp) {
     const d = new Date(timestamp * 1000);
     const pad = (n) => String(n).padStart(2, "0");
+    if (state.utcTimestamps) {
+        return (
+            d.getUTCFullYear() +
+            "-" +
+            pad(d.getUTCMonth() + 1) +
+            "-" +
+            pad(d.getUTCDate()) +
+            "T" +
+            pad(d.getUTCHours()) +
+            ":" +
+            pad(d.getUTCMinutes()) +
+            ":" +
+            pad(d.getUTCSeconds()) +
+            "Z"
+        );
+    }
+    const offsetMin = -d.getTimezoneOffset();
+    const sign = offsetMin >= 0 ? "+" : "-";
+    const absOff = Math.abs(offsetMin);
+    const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
     return (
         d.getFullYear() +
         "-" +
         pad(d.getMonth() + 1) +
         "-" +
         pad(d.getDate()) +
-        " " +
+        "T" +
         pad(d.getHours()) +
         ":" +
         pad(d.getMinutes()) +
         ":" +
-        pad(d.getSeconds())
+        pad(d.getSeconds()) +
+        tzStr
     );
 }
 
@@ -259,12 +281,26 @@ function timeAgo(timestamp) {
     return years + " year" + (years !== 1 ? "s" : "") + " ago";
 }
 
+function flashCopyFeedback(el) {
+    if (!el) return;
+    el.classList.remove("copy-flash-fade");
+    el.classList.add("copy-flash-active");
+    setTimeout(() => {
+        el.classList.remove("copy-flash-active");
+        el.classList.add("copy-flash-fade");
+        setTimeout(() => {
+            el.classList.remove("copy-flash-fade");
+        }, 275);
+    }, 75);
+}
+
 module.exports = {
     $,
     showError,
     hideError,
     showView,
     showFlash,
+    flashCopyFeedback,
     balanceLine,
     balanceLinesForAddress,
     addressColor,

src/popup/views/home.js

@@ -2,6 +2,7 @@ const {
     $,
     showView,
     showFlash,
+    flashCopyFeedback,
     balanceLinesForAddress,
     isoDate,
     timeAgo,
@@ -85,9 +86,10 @@ function renderActiveAddress() {
         el.innerHTML =
             `<span class="underline decoration-dashed cursor-pointer" id="active-addr-copy">${dot}${escapeHtml(addr)}</span>` +
             `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
-        $("active-addr-copy").addEventListener("click", () => {
+        $("active-addr-copy").addEventListener("click", (e) => {
             navigator.clipboard.writeText(addr);
             showFlash("Copied!");
+            flashCopyFeedback(e.currentTarget);
         });
     } else {
         el.textContent = "";
@@ -239,7 +241,7 @@ function render(ctx) {
         html += `<div>`;
         html += `<div class="flex justify-between items-center bg-section py-1 px-2" style="margin:0 -0.5rem">`;
         html += `<span class="font-bold cursor-pointer wallet-name underline decoration-dashed" data-wallet="${wi}">${wallet.name}</span>`;
-        if (wallet.type === "hd") {
+        if (wallet.type === "hd" || wallet.type === "xprv") {
             html += `<button class="btn-add-address border border-border px-1 hover:bg-fg hover:text-bg cursor-pointer text-xs" data-wallet="${wi}" title="Add another address to this wallet">+</button>`;
         }
         html += `</div>`;

src/popup/views/importKey.js

@@ -1,69 +0,0 @@
-const { $, showView, showFlash } = require("./helpers");
-const { addressFromPrivateKey } = require("../../shared/wallet");
-const { encryptWithPassword } = require("../../shared/vault");
-const { state, saveState } = require("../../shared/state");
-
-function show() {
-    $("import-private-key").value = "";
-    $("import-key-password").value = "";
-    $("import-key-password-confirm").value = "";
-    showView("import-key");
-}
-
-function init(ctx) {
-    $("btn-import-key-confirm").addEventListener("click", async () => {
-        const key = $("import-private-key").value.trim();
-        if (!key) {
-            showFlash("Please enter your private key.");
-            return;
-        }
-        let addr;
-        try {
-            addr = addressFromPrivateKey(key);
-        } catch (e) {
-            showFlash("Invalid private key.");
-            return;
-        }
-        const pw = $("import-key-password").value;
-        const pw2 = $("import-key-password-confirm").value;
-        if (!pw) {
-            showFlash("Please choose a password.");
-            return;
-        }
-        if (pw.length < 12) {
-            showFlash("Password must be at least 12 characters.");
-            return;
-        }
-        if (pw !== pw2) {
-            showFlash("Passwords do not match.");
-            return;
-        }
-        const encrypted = await encryptWithPassword(key, pw);
-        const walletNum = state.wallets.length + 1;
-        state.wallets.push({
-            type: "key",
-            name: "Wallet " + walletNum,
-            encryptedSecret: encrypted,
-            addresses: [
-                { address: addr, balance: "0.0000", tokenBalances: [] },
-            ],
-        });
-        state.hasWallet = true;
-        await saveState();
-        ctx.renderWalletList();
-        showView("main");
-
-        ctx.doRefreshAndRender();
-    });
-
-    $("btn-import-key-back").addEventListener("click", () => {
-        if (!state.hasWallet) {
-            showView("welcome");
-        } else {
-            ctx.renderWalletList();
-            showView("main");
-        }
-    });
-}
-
-module.exports = { init, show };

src/popup/views/receive.js

@@ -2,6 +2,7 @@ const {
     $,
     showView,
     showFlash,
+    flashCopyFeedback,
     formatAddressHtml,
     addressTitle,
 } = require("./helpers");
@@ -52,19 +53,21 @@ function show() {
             "This is an ERC-20 token. Only send " +
             symbol +
             " on the Ethereum network to this address. Sending tokens on other networks will result in permanent loss.";
-        warningEl.classList.remove("hidden");
+        warningEl.style.visibility = "visible";
     } else {
-        warningEl.classList.add("hidden");
+        warningEl.textContent = "";
+        warningEl.style.visibility = "hidden";
     }
     showView("receive");
 }
 
 function init(ctx) {
-    $("receive-address-block").addEventListener("click", () => {
+    $("receive-address-block").addEventListener("click", (e) => {
         const addr = $("receive-address-block").dataset.full;
         if (addr) {
             navigator.clipboard.writeText(addr);
             showFlash("Copied!");
+            flashCopyFeedback(e.currentTarget);
         }
     });
 
@@ -73,6 +76,7 @@ function init(ctx) {
         if (addr) {
             navigator.clipboard.writeText(addr);
             showFlash("Copied!");
+            flashCopyFeedback($("receive-address-block"));
         }
     });
 

src/popup/views/settings.js

@@ -1,4 +1,5 @@
 const { $, showView, showFlash, escapeHtml } = require("./helpers");
+const { applyTheme } = require("../theme");
 const { state, saveState } = require("../../shared/state");
 const { ETHEREUM_MAINNET_CHAIN_ID } = require("../../shared/constants");
 const { log, debugFetch } = require("../../shared/log");
@@ -214,6 +215,13 @@ function init(ctx) {
         await saveState();
     });
 
+    $("settings-theme").value = state.theme;
+    $("settings-theme").addEventListener("change", async () => {
+        state.theme = $("settings-theme").value;
+        await saveState();
+        applyTheme(state.theme);
+    });
+
     $("settings-hide-low-holders").checked = state.hideLowHolderTokens;
     $("settings-hide-low-holders").addEventListener("change", async () => {
         state.hideLowHolderTokens = $("settings-hide-low-holders").checked;
@@ -241,6 +249,12 @@ function init(ctx) {
         }
     });
 
+    $("settings-utc-timestamps").checked = state.utcTimestamps;
+    $("settings-utc-timestamps").addEventListener("change", async () => {
+        state.utcTimestamps = $("settings-utc-timestamps").checked;
+        await saveState();
+    });
+
     $("btn-main-add-wallet").addEventListener("click", ctx.showAddWalletView);
 
     $("btn-settings-add-token").addEventListener(

src/popup/views/settingsAddToken.js

@@ -73,7 +73,8 @@ function renderDropdown() {
 
 function show() {
     $("settings-addtoken-address").value = "";
-    $("settings-addtoken-info").classList.add("hidden");
+    $("settings-addtoken-info").textContent = "";
+    $("settings-addtoken-info").style.visibility = "hidden";
     renderTop10();
     renderDropdown();
     showView("settings-addtoken");
@@ -129,7 +130,7 @@ function init(_ctx) {
         }
         const infoEl = $("settings-addtoken-info");
         infoEl.textContent = "Looking up token...";
-        infoEl.classList.remove("hidden");
+        infoEl.style.visibility = "visible";
         log.debugf("Looking up token contract", addr);
         try {
             const info = await lookupTokenInfo(addr, state.rpcUrl);
@@ -143,7 +144,8 @@ function init(_ctx) {
             await saveState();
             showFlash("Added " + info.symbol);
             $("settings-addtoken-address").value = "";
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
+            infoEl.style.visibility = "hidden";
             renderTop10();
             renderDropdown();
             ctx.doRefreshAndRender();
@@ -151,7 +153,8 @@ function init(_ctx) {
             const detail = e.shortMessage || e.message || String(e);
             log.errorf("Token lookup failed for", addr, detail);
             showFlash(detail);
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
+            infoEl.style.visibility = "hidden";
         }
     });
 }

src/popup/views/transactionDetail.js

@@ -5,6 +5,7 @@ const {
     $,
     showView,
     showFlash,
+    flashCopyFeedback,
     addressDotHtml,
     addressTitle,
     escapeHtml,
@@ -158,8 +159,9 @@ function render() {
         loadCalldata(tx.hash, tx.to);
     }
 
-    $("tx-detail-time").textContent =
+    const isoStr = isoDate(tx.timestamp);
-        isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
+    $("tx-detail-time").innerHTML =
+        copyableHtml(isoStr) + " (" + escapeHtml(timeAgo(tx.timestamp)) + ")";
     $("tx-detail-status").textContent = tx.isError ? "Failed" : "Success";
     showView("transaction");
 
@@ -170,6 +172,7 @@ function render() {
             el.onclick = () => {
                 navigator.clipboard.writeText(el.dataset.copy);
                 showFlash("Copied!");
+                flashCopyFeedback(el);
             };
         });
 }
@@ -247,6 +250,7 @@ async function loadCalldata(txHash, toAddress) {
                 el.onclick = () => {
                     navigator.clipboard.writeText(el.dataset.copy);
                     showFlash("Copied!");
+                    flashCopyFeedback(el);
                 };
             });
         }

src/popup/views/txStatus.js

@@ -4,6 +4,7 @@ const {
     $,
     showView,
     showFlash,
+    flashCopyFeedback,
     addressDotHtml,
     addressTitle,
     escapeHtml,
@@ -59,6 +60,16 @@ function txHashHtml(hash) {
     );
 }
 
+function blockNumberHtml(blockNumber) {
+    const num = String(blockNumber);
+    const link = `https://etherscan.io/block/${num}`;
+    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+    return (
+        `<span class="underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(num)}">${escapeHtml(num)}</span>` +
+        extLink
+    );
+}
+
 function attachCopyHandlers(viewId) {
     document
         .getElementById(viewId)
@@ -67,6 +78,7 @@ function attachCopyHandlers(viewId) {
             el.onclick = () => {
                 navigator.clipboard.writeText(el.dataset.copy);
                 showFlash("Copied!");
+                flashCopyFeedback(el);
             };
         });
 }
@@ -189,7 +201,7 @@ function renderSuccess() {
         $("success-tx-to").innerHTML = toAddressHtml(d.to);
     }
 
-    $("success-tx-block").textContent = String(d.blockNumber);
+    $("success-tx-block").innerHTML = blockNumberHtml(d.blockNumber);
     $("success-tx-hash").innerHTML = txHashHtml(d.hash);
 
     // Show decoded calldata details if present

src/shared/addressWarnings.js

@@ -0,0 +1,114 @@
+// Address warning module.
+// Provides local and async (RPC-based) warning checks for Ethereum addresses.
+// Returns arrays of {type, message, severity} objects.
+
+const { isScamAddress } = require("./scamlist");
+const { isBurnAddress } = require("./constants");
+const { checkEtherscanLabel } = require("./etherscanLabels");
+const { log } = require("./log");
+
+/**
+ * Check an address against local-only lists (scam, burn, self-send).
+ * Synchronous — no network calls.
+ *
+ * @param {string} address - The target address to check.
+ * @param {object} [options] - Optional context.
+ * @param {string} [options.fromAddress] - Sender address (for self-send check).
+ * @returns {Array<{type: string, message: string, severity: string}>}
+ */
+function getLocalWarnings(address, options = {}) {
+    const warnings = [];
+    const addr = address.toLowerCase();
+
+    if (isScamAddress(addr)) {
+        warnings.push({
+            type: "scam",
+            message:
+                "This address is on a known scam/fraud list. Do not send funds to this address.",
+            severity: "critical",
+        });
+    }
+
+    if (isBurnAddress(addr)) {
+        warnings.push({
+            type: "burn",
+            message:
+                "This is a known null/burn address. Funds sent here are permanently destroyed and cannot be recovered.",
+            severity: "critical",
+        });
+    }
+
+    if (options.fromAddress && addr === options.fromAddress.toLowerCase()) {
+        warnings.push({
+            type: "self-send",
+            message: "You are sending to your own address.",
+            severity: "warning",
+        });
+    }
+
+    return warnings;
+}
+
+/**
+ * Check an address against local lists AND via RPC queries.
+ * Async — performs network calls to check contract status and tx history.
+ *
+ * @param {string} address - The target address to check.
+ * @param {object} provider - An ethers.js provider instance.
+ * @param {object} [options] - Optional context.
+ * @param {string} [options.fromAddress] - Sender address (for self-send check).
+ * @returns {Promise<Array<{type: string, message: string, severity: string}>>}
+ */
+async function getFullWarnings(address, provider, options = {}) {
+    const warnings = getLocalWarnings(address, options);
+
+    let isContract = false;
+    try {
+        const code = await provider.getCode(address);
+        if (code && code !== "0x") {
+            isContract = true;
+            warnings.push({
+                type: "contract",
+                message:
+                    "This address is a smart contract, not a regular wallet.",
+                severity: "warning",
+            });
+        }
+    } catch (e) {
+        log.errorf("contract check failed:", e.message);
+    }
+
+    // Skip tx count check for contracts — they may legitimately have
+    // zero inbound EOA transactions.
+    if (!isContract) {
+        try {
+            const txCount = await provider.getTransactionCount(address);
+            if (txCount === 0) {
+                warnings.push({
+                    type: "new-address",
+                    message:
+                        "This address has never sent a transaction. Double-check it is correct.",
+                    severity: "info",
+                });
+            }
+        } catch (e) {
+            log.errorf("tx count check failed:", e.message);
+        }
+    }
+
+    // Etherscan label check (best-effort async — network failures are silent).
+    // Runs for ALL addresses including contracts, since many dangerous
+    // flagged addresses on Etherscan (drainers, phishing contracts) are contracts.
+    try {
+        const etherscanWarning = await checkEtherscanLabel(address);
+        if (etherscanWarning) {
+            warnings.push(etherscanWarning);
+        }
+    } catch (e) {
+        log.errorf("etherscan label check failed:", e.message);
+    }
+
+    return warnings;
+}
+
+module.exports = { getLocalWarnings, getFullWarnings };

src/shared/constants.js

@@ -20,6 +20,19 @@ const ERC20_ABI = [
     "function approve(address spender, uint256 amount) returns (bool)",
 ];
 
+// Known null/burn addresses that permanently destroy funds.
+const BURN_ADDRESSES = new Set([
+    "0x0000000000000000000000000000000000000000",
+    "0x0000000000000000000000000000000000000001",
+    "0x000000000000000000000000000000000000dead",
+    "0xdead000000000000000000000000000000000000",
+    "0x00000000000000000000000000000000deadbeef",
+]);
+
+function isBurnAddress(address) {
+    return BURN_ADDRESSES.has(address.toLowerCase());
+}
+
 module.exports = {
     DEBUG,
     DEBUG_MNEMONIC,
@@ -28,4 +41,6 @@ module.exports = {
     DEFAULT_BLOCKSCOUT_URL,
     BIP44_ETH_PATH,
     ERC20_ABI,
+    BURN_ADDRESSES,
+    isBurnAddress,
 };

src/shared/etherscanLabels.js

@@ -0,0 +1,102 @@
+// Etherscan address label lookup via page scraping.
+// Extension users make the requests directly to Etherscan — no proxy needed.
+// This is a best-effort enrichment: network failures return null silently.
+
+const ETHERSCAN_BASE = "https://etherscan.io/address/";
+
+// Patterns in the page title that indicate a flagged address.
+// Title format: "Fake_Phishing184810 | Address: 0x... | Etherscan"
+const PHISHING_LABEL_PATTERNS = [/^Fake_Phishing/i, /^Phish:/i, /^Exploiter/i];
+
+// Patterns in the page body that indicate a scam/phishing warning.
+const SCAM_BODY_PATTERNS = [
+    /used in a\s+(?:\w+\s+)?phishing scam/i,
+    /used in a\s+(?:\w+\s+)?scam/i,
+    /wallet\s+drainer/i,
+];
+
+/**
+ * Parse the Etherscan address page HTML to extract label info.
+ * Exported for unit testing (no fetch needed).
+ *
+ * @param {string} html - Raw HTML of the Etherscan address page.
+ * @returns {{ label: string|null, isPhishing: boolean, warning: string|null }}
+ */
+function parseEtherscanPage(html) {
+    // Extract <title> content
+    const titleMatch = html.match(/<title[^>]*>([^<]+)<\/title>/i);
+    let label = null;
+    let isPhishing = false;
+    let warning = null;
+
+    if (titleMatch) {
+        const title = titleMatch[1].trim();
+        // Title: "LABEL | Address: 0x... | Etherscan" or "Address: 0x... | Etherscan"
+        const labelMatch = title.match(/^(.+?)\s*\|\s*Address:/);
+        if (labelMatch) {
+            const candidate = labelMatch[1].trim();
+            // Only treat as a label if it's not just "Address" (unlabeled addresses)
+            if (candidate.toLowerCase() !== "address") {
+                label = candidate;
+            }
+        }
+    }
+
+    // Check label against phishing patterns
+    if (label) {
+        for (const pat of PHISHING_LABEL_PATTERNS) {
+            if (pat.test(label)) {
+                isPhishing = true;
+                warning = `Etherscan labels this address as "${label}" (Phish/Hack).`;
+                break;
+            }
+        }
+    }
+
+    // Check page body for scam warning banners
+    if (!isPhishing) {
+        for (const pat of SCAM_BODY_PATTERNS) {
+            if (pat.test(html)) {
+                isPhishing = true;
+                warning = label
+                    ? `Etherscan labels this address as "${label}" and reports it was used in a scam.`
+                    : "Etherscan reports this address was flagged for phishing/scam activity.";
+                break;
+            }
+        }
+    }
+
+    return { label, isPhishing, warning };
+}
+
+/**
+ * Fetch an address page from Etherscan and check for scam/phishing labels.
+ * Returns a warning object if the address is flagged, or null.
+ * Network failures return null silently (best-effort check).
+ *
+ * @param {string} address - Ethereum address to check.
+ * @returns {Promise<{type: string, message: string, severity: string}|null>}
+ */
+async function checkEtherscanLabel(address) {
+    try {
+        const resp = await fetch(ETHERSCAN_BASE + address, {
+            headers: { Accept: "text/html" },
+        });
+        if (!resp.ok) return null;
+        const html = await resp.text();
+        const result = parseEtherscanPage(html);
+        if (result.isPhishing) {
+            return {
+                type: "etherscan-phishing",
+                message: result.warning,
+                severity: "critical",
+            };
+        }
+        return null;
+    } catch {
+        // Network errors are expected — Etherscan may rate-limit or block.
+        return null;
+    }
+}
+
+module.exports = { parseEtherscanPage, checkEtherscanLabel };

src/shared/phishingDomains.js

@@ -0,0 +1,297 @@
+// Domain-based phishing detection using MetaMask's eth-phishing-detect blocklist.
+//
+// Architecture:
+//   1. A vendored copy of the blocklist ships with the extension
+//      (src/data/phishing-domains.json — sorted blacklist for binary search).
+//   2. Every 24h we fetch the latest list from MetaMask's repo and compute
+//      the delta (new domains not in the vendored snapshot).
+//   3. Only the delta is kept in memory / persisted to chrome.storage.local.
+//   4. Domain checks hit the delta first (fresh scam sites), then the
+//      vendored baseline via binary search.
+//
+// Source: https://github.com/MetaMask/eth-phishing-detect (src/config.json)
+
+const vendoredConfig = require("../data/phishing-domains.json");
+
+const BLOCKLIST_URL =
+    "https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/main/src/config.json";
+
+const CACHE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
+const DELTA_STORAGE_KEY = "phishing_domain_delta";
+const DELTA_MAX_BYTES = 256 * 1024; // 256 KiB
+
+// Vendored baseline — sorted arrays for binary search (no extra Set needed).
+const vendoredBlacklist = vendoredConfig.blacklist; // pre-sorted lowercase
+const vendoredWhitelist = new Set(
+    (vendoredConfig.whitelist || []).map((d) => d.toLowerCase()),
+);
+
+// Delta state — only domains added upstream since the vendored snapshot.
+let deltaBlacklistSet = new Set();
+let deltaWhitelistSet = new Set();
+let lastFetchTime = 0;
+let fetchPromise = null;
+let persistedDeltaLoaded = false;
+
+/**
+ * Normalize a domain entry: lowercase and strip wildcard prefix ("*.").
+ * Wildcard domains like "*.evil.com" become "evil.com" — our subdomain
+ * matching in hostnameVariants() already covers child domains.
+ *
+ * @param {string} domain
+ * @returns {string}
+ */
+function normalizeDomain(domain) {
+    const d = domain.toLowerCase();
+    return d.startsWith("*.") ? d.slice(2) : d;
+}
+
+/**
+ * Binary search on a sorted string array.
+ *
+ * @param {string[]} sorted - Sorted array of lowercase strings.
+ * @param {string} target - Lowercase string to find.
+ * @returns {boolean}
+ */
+function binarySearch(sorted, target) {
+    let lo = 0;
+    let hi = sorted.length - 1;
+    while (lo <= hi) {
+        const mid = (lo + hi) >>> 1;
+        if (sorted[mid] === target) return true;
+        if (sorted[mid] < target) lo = mid + 1;
+        else hi = mid - 1;
+    }
+    return false;
+}
+
+/**
+ * Generate hostname variants for subdomain matching.
+ * "sub.evil.com" yields ["sub.evil.com", "evil.com"].
+ *
+ * @param {string} hostname
+ * @returns {string[]}
+ */
+function hostnameVariants(hostname) {
+    const h = hostname.toLowerCase();
+    const variants = [h];
+    const parts = h.split(".");
+    for (let i = 1; i < parts.length - 1; i++) {
+        variants.push(parts.slice(i).join("."));
+    }
+    return variants;
+}
+
+/**
+ * Check if a hostname is on the phishing blocklist.
+ * Checks delta (fresh additions) first, then vendored baseline.
+ * Whitelisted domains (vendored + delta) are never flagged.
+ *
+ * @param {string} hostname - The hostname to check.
+ * @returns {boolean}
+ */
+function isPhishingDomain(hostname) {
+    if (!hostname) return false;
+    const variants = hostnameVariants(hostname);
+
+    // Whitelist takes priority (both vendored and delta)
+    for (const v of variants) {
+        if (vendoredWhitelist.has(v) || deltaWhitelistSet.has(v)) return false;
+    }
+
+    // Check delta first — fresh scam sites hit here
+    for (const v of variants) {
+        if (deltaBlacklistSet.has(v)) return true;
+    }
+
+    // Check vendored baseline via binary search
+    for (const v of variants) {
+        if (binarySearch(vendoredBlacklist, v)) return true;
+    }
+
+    return false;
+}
+
+/**
+ * Get the storage API if available (chrome.storage.local / browser.storage.local).
+ *
+ * @returns {object|null}
+ */
+function getStorageApi() {
+    if (typeof browser !== "undefined" && browser.storage) {
+        return browser.storage.local;
+    }
+    if (typeof chrome !== "undefined" && chrome.storage) {
+        return chrome.storage.local;
+    }
+    return null;
+}
+
+/**
+ * Load persisted delta from chrome.storage.local.
+ * Called once on first update to restore delta across restarts.
+ *
+ * @returns {Promise<void>}
+ */
+async function loadPersistedDelta() {
+    const storage = getStorageApi();
+    if (!storage) return;
+
+    try {
+        const result = await storage.get(DELTA_STORAGE_KEY);
+        const data = result[DELTA_STORAGE_KEY];
+        if (data && data.blacklist && data.whitelist) {
+            deltaBlacklistSet = new Set(data.blacklist);
+            deltaWhitelistSet = new Set(data.whitelist);
+            if (data.fetchTime) {
+                lastFetchTime = data.fetchTime;
+            }
+        }
+    } catch {
+        // Storage unavailable or corrupted — start fresh.
+    }
+    persistedDeltaLoaded = true;
+}
+
+/**
+ * Persist the current delta to chrome.storage.local if it fits in 256 KiB.
+ *
+ * @returns {Promise<void>}
+ */
+async function persistDelta() {
+    const storage = getStorageApi();
+    if (!storage) return;
+
+    const data = {
+        blacklist: Array.from(deltaBlacklistSet),
+        whitelist: Array.from(deltaWhitelistSet),
+        fetchTime: lastFetchTime,
+    };
+
+    const serialized = JSON.stringify(data);
+    if (serialized.length > DELTA_MAX_BYTES) {
+        // Delta too large to persist — keep in memory only.
+        return;
+    }
+
+    try {
+        await storage.set({ [DELTA_STORAGE_KEY]: data });
+    } catch {
+        // Storage write failed — non-fatal.
+    }
+}
+
+/**
+ * Fetch the latest blocklist, compute delta against vendored baseline,
+ * and update in-memory state.  De-duplicates concurrent fetches.
+ *
+ * @returns {Promise<void>}
+ */
+async function updatePhishingList() {
+    // Load persisted delta on first call
+    if (!persistedDeltaLoaded) {
+        await loadPersistedDelta();
+    }
+
+    // Skip if recently fetched
+    if (Date.now() - lastFetchTime < CACHE_TTL_MS) {
+        return;
+    }
+
+    // De-duplicate concurrent calls
+    if (fetchPromise) return fetchPromise;
+
+    fetchPromise = (async () => {
+        try {
+            const resp = await fetch(BLOCKLIST_URL);
+            if (!resp.ok) throw new Error("HTTP " + resp.status);
+            const config = await resp.json();
+
+            // Compute blacklist delta: remote items not in vendored baseline
+            const newDeltaBl = new Set();
+            for (const domain of config.blacklist || []) {
+                const d = normalizeDomain(domain);
+                if (!binarySearch(vendoredBlacklist, d)) {
+                    newDeltaBl.add(d);
+                }
+            }
+
+            // Compute whitelist delta: remote items not in vendored whitelist
+            const newDeltaWl = new Set();
+            for (const domain of config.whitelist || []) {
+                const d = normalizeDomain(domain);
+                if (!vendoredWhitelist.has(d)) {
+                    newDeltaWl.add(d);
+                }
+            }
+
+            deltaBlacklistSet = newDeltaBl;
+            deltaWhitelistSet = newDeltaWl;
+            lastFetchTime = Date.now();
+
+            await persistDelta();
+        } catch {
+            // Fetch failed — keep existing delta, retry next time.
+        } finally {
+            fetchPromise = null;
+        }
+    })();
+
+    return fetchPromise;
+}
+
+/**
+ * Load a pre-parsed config directly into state (vendored + delta combined).
+ * Used for testing.
+ *
+ * @param {{ blacklist?: string[], whitelist?: string[] }} config
+ */
+function loadConfig(config) {
+    // For tests: treat the entire config as delta (overlaid on vendored).
+    // Clear existing delta first.
+    deltaBlacklistSet = new Set((config.blacklist || []).map(normalizeDomain));
+    deltaWhitelistSet = new Set((config.whitelist || []).map(normalizeDomain));
+    lastFetchTime = Date.now();
+    persistedDeltaLoaded = true;
+}
+
+/**
+ * Return total blocklist size (vendored + delta, for diagnostics).
+ *
+ * @returns {number}
+ */
+function getBlocklistSize() {
+    return vendoredBlacklist.length + deltaBlacklistSet.size;
+}
+
+/**
+ * Return delta size (for diagnostics).
+ *
+ * @returns {number}
+ */
+function getDeltaSize() {
+    return deltaBlacklistSet.size;
+}
+
+/**
+ * Reset internal state (for testing).
+ */
+function _reset() {
+    deltaBlacklistSet = new Set();
+    deltaWhitelistSet = new Set();
+    lastFetchTime = 0;
+    fetchPromise = null;
+    persistedDeltaLoaded = false;
+}
+
+module.exports = {
+    isPhishingDomain,
+    updatePhishingList,
+    loadConfig,
+    getBlocklistSize,
+    getDeltaSize,
+    hostnameVariants,
+    binarySearch,
+    normalizeDomain,
+    _reset,
+};

src/shared/state.js

@@ -23,8 +23,10 @@ const DEFAULT_STATE = {
     hideFraudContracts: true,
     hideDustTransactions: true,
     dustThresholdGwei: 100000,
+    utcTimestamps: false,
     fraudContracts: [],
     tokenHolderCache: {},
+    theme: "system",
 };
 
 const state = {
@@ -53,8 +55,10 @@ async function saveState() {
         hideFraudContracts: state.hideFraudContracts,
         hideDustTransactions: state.hideDustTransactions,
         dustThresholdGwei: state.dustThresholdGwei,
+        utcTimestamps: state.utcTimestamps,
         fraudContracts: state.fraudContracts,
         tokenHolderCache: state.tokenHolderCache,
+        theme: state.theme,
         currentView: state.currentView,
         selectedWallet: state.selectedWallet,
         selectedAddress: state.selectedAddress,
@@ -108,8 +112,11 @@ async function loadState() {
             saved.dustThresholdGwei !== undefined
                 ? saved.dustThresholdGwei
                 : 100000;
+        state.utcTimestamps =
+            saved.utcTimestamps !== undefined ? saved.utcTimestamps : false;
         state.fraudContracts = saved.fraudContracts || [];
         state.tokenHolderCache = saved.tokenHolderCache || {};
+        state.theme = saved.theme || "system";
         state.currentView = saved.currentView || null;
         state.selectedWallet =
             saved.selectedWallet !== undefined ? saved.selectedWallet : null;

src/shared/wallet.js

@@ -24,6 +24,26 @@ function hdWalletFromMnemonic(mnemonic) {
     return { xpub, firstAddress };
 }
 
+function hdWalletFromXprv(xprv) {
+    const root = HDNodeWallet.fromExtendedKey(xprv);
+    if (!root.privateKey) {
+        throw new Error("Not an extended private key (xprv).");
+    }
+    const node = root.derivePath("44'/60'/0'/0");
+    const xpub = node.neuter().extendedKey;
+    const firstAddress = node.deriveChild(0).address;
+    return { xpub, firstAddress };
+}
+
+function isValidXprv(key) {
+    try {
+        const node = HDNodeWallet.fromExtendedKey(key);
+        return !!node.privateKey;
+    } catch {
+        return false;
+    }
+}
+
 function addressFromPrivateKey(key) {
     const w = new Wallet(key);
     return w.address;
@@ -38,6 +58,11 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
         );
         return node.deriveChild(addrIndex);
     }
+    if (walletData.type === "xprv") {
+        const root = HDNodeWallet.fromExtendedKey(decryptedSecret);
+        const node = root.derivePath("44'/60'/0'/0");
+        return node.deriveChild(addrIndex);
+    }
     return new Wallet(decryptedSecret);
 }
 
@@ -49,6 +74,8 @@ module.exports = {
     generateMnemonic,
     deriveAddressFromXpub,
     hdWalletFromMnemonic,
+    hdWalletFromXprv,
+    isValidXprv,
     addressFromPrivateKey,
     getSignerForAddress,
     isValidMnemonic,

tests/etherscanLabels.test.js

@@ -0,0 +1,100 @@
+const { parseEtherscanPage } = require("../src/shared/etherscanLabels");
+
+describe("etherscanLabels", () => {
+    describe("parseEtherscanPage", () => {
+        test("detects Fake_Phishing label in title", () => {
+            const html = `<html><head><title>Fake_Phishing184810 | Address: 0x00000c07...3ea470000 | Etherscan</title></head><body></body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("Fake_Phishing184810");
+            expect(result.isPhishing).toBe(true);
+            expect(result.warning).toContain("Fake_Phishing184810");
+            expect(result.warning).toContain("Phish/Hack");
+        });
+
+        test("detects Fake_Phishing with different number", () => {
+            const html = `<html><head><title>Fake_Phishing5169 | Address: 0x3e0defb8...99a7a8a74 | Etherscan</title></head><body></body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("Fake_Phishing5169");
+            expect(result.isPhishing).toBe(true);
+        });
+
+        test("detects Exploiter label", () => {
+            const html = `<html><head><title>Exploiter 42 | Address: 0xabcdef...1234 | Etherscan</title></head><body></body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("Exploiter 42");
+            expect(result.isPhishing).toBe(true);
+        });
+
+        test("detects scam warning in body text", () => {
+            const html =
+                `<html><head><title>Address: 0xabcdef...1234 | Etherscan</title></head>` +
+                `<body>There are reports that this address was used in a Phishing scam.</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBeNull();
+            expect(result.isPhishing).toBe(true);
+            expect(result.warning).toContain("phishing/scam");
+        });
+
+        test("detects scam warning with label in body", () => {
+            const html =
+                `<html><head><title>SomeScammer | Address: 0xabcdef...1234 | Etherscan</title></head>` +
+                `<body>There are reports that this address was used in a scam.</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("SomeScammer");
+            expect(result.isPhishing).toBe(true);
+            expect(result.warning).toContain("SomeScammer");
+        });
+
+        test("returns clean result for legitimate address", () => {
+            const html = `<html><head><title>vitalik.eth | Address: 0xd8dA6BF2...37aA96045 | Etherscan</title></head><body>Overview</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("vitalik.eth");
+            expect(result.isPhishing).toBe(false);
+            expect(result.warning).toBeNull();
+        });
+
+        test("returns clean result for unlabeled address", () => {
+            const html = `<html><head><title>Address: 0x1234567890...abcdef | Etherscan</title></head><body>Overview</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBeNull();
+            expect(result.isPhishing).toBe(false);
+            expect(result.warning).toBeNull();
+        });
+
+        test("handles exchange labels correctly (not phishing)", () => {
+            const html = `<html><head><title>Coinbase 10 | Address: 0xa9d1e08c...b81d3e43 | Etherscan</title></head><body>Overview</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("Coinbase 10");
+            expect(result.isPhishing).toBe(false);
+        });
+
+        test("handles contract names correctly (not phishing)", () => {
+            const html = `<html><head><title>Beacon Deposit Contract | Address: 0x00000000...03d7705Fa | Etherscan</title></head><body>Overview</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBe("Beacon Deposit Contract");
+            expect(result.isPhishing).toBe(false);
+        });
+
+        test("handles empty HTML gracefully", () => {
+            const result = parseEtherscanPage("");
+            expect(result.label).toBeNull();
+            expect(result.isPhishing).toBe(false);
+            expect(result.warning).toBeNull();
+        });
+
+        test("handles malformed title tag", () => {
+            const html = `<html><head><title></title></head><body></body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.label).toBeNull();
+            expect(result.isPhishing).toBe(false);
+        });
+
+        test("detects wallet drainer warning", () => {
+            const html =
+                `<html><head><title>Address: 0xabc...def | Etherscan</title></head>` +
+                `<body>This is a known wallet drainer contract.</body></html>`;
+            const result = parseEtherscanPage(html);
+            expect(result.isPhishing).toBe(true);
+        });
+    });
+});

tests/phishingDomains.test.js

@@ -0,0 +1,247 @@
+const {
+    isPhishingDomain,
+    loadConfig,
+    getBlocklistSize,
+    getDeltaSize,
+    hostnameVariants,
+    binarySearch,
+    normalizeDomain,
+    _reset,
+} = require("../src/shared/phishingDomains");
+
+// The vendored baseline is loaded automatically via require().
+// _reset() clears only the delta state, not the vendored baseline.
+beforeEach(() => {
+    _reset();
+});
+
+describe("phishingDomains", () => {
+    describe("hostnameVariants", () => {
+        test("returns exact hostname plus parent domains", () => {
+            const variants = hostnameVariants("sub.evil.com");
+            expect(variants).toEqual(["sub.evil.com", "evil.com"]);
+        });
+
+        test("returns just the hostname for a bare domain", () => {
+            const variants = hostnameVariants("example.com");
+            expect(variants).toEqual(["example.com"]);
+        });
+
+        test("handles deep subdomain chains", () => {
+            const variants = hostnameVariants("a.b.c.d.com");
+            expect(variants).toEqual([
+                "a.b.c.d.com",
+                "b.c.d.com",
+                "c.d.com",
+                "d.com",
+            ]);
+        });
+
+        test("lowercases hostnames", () => {
+            const variants = hostnameVariants("Evil.COM");
+            expect(variants).toEqual(["evil.com"]);
+        });
+    });
+
+    describe("binarySearch", () => {
+        const sorted = ["alpha.com", "beta.com", "gamma.com", "zeta.com"];
+
+        test("finds existing elements", () => {
+            expect(binarySearch(sorted, "alpha.com")).toBe(true);
+            expect(binarySearch(sorted, "gamma.com")).toBe(true);
+            expect(binarySearch(sorted, "zeta.com")).toBe(true);
+        });
+
+        test("returns false for missing elements", () => {
+            expect(binarySearch(sorted, "aaa.com")).toBe(false);
+            expect(binarySearch(sorted, "delta.com")).toBe(false);
+            expect(binarySearch(sorted, "zzz.com")).toBe(false);
+        });
+
+        test("handles empty array", () => {
+            expect(binarySearch([], "anything")).toBe(false);
+        });
+
+        test("handles single-element array", () => {
+            expect(binarySearch(["only.com"], "only.com")).toBe(true);
+            expect(binarySearch(["only.com"], "other.com")).toBe(false);
+        });
+    });
+
+    describe("normalizeDomain", () => {
+        test("strips *. wildcard prefix", () => {
+            expect(normalizeDomain("*.evil.com")).toBe("evil.com");
+            expect(normalizeDomain("*.sub.evil.com")).toBe("sub.evil.com");
+        });
+
+        test("lowercases domains", () => {
+            expect(normalizeDomain("Evil.COM")).toBe("evil.com");
+            expect(normalizeDomain("*.Evil.COM")).toBe("evil.com");
+        });
+
+        test("passes through normal domains unchanged", () => {
+            expect(normalizeDomain("example.com")).toBe("example.com");
+        });
+    });
+
+    describe("wildcard domain handling", () => {
+        test("wildcard blacklist entries match via loadConfig", () => {
+            loadConfig({
+                blacklist: ["*.scam-site.com", "normal-scam.com"],
+                whitelist: [],
+            });
+            // *.scam-site.com is normalized to scam-site.com
+            expect(isPhishingDomain("scam-site.com")).toBe(true);
+            expect(isPhishingDomain("sub.scam-site.com")).toBe(true);
+            expect(isPhishingDomain("normal-scam.com")).toBe(true);
+        });
+    });
+
+    describe("vendored baseline detection", () => {
+        // These tests verify that the vendored phishing-domains.json
+        // is loaded and searchable without any delta loaded.
+
+        test("getBlocklistSize reflects vendored list (no delta)", () => {
+            // The vendored list has 231k+ domains; delta is empty after reset.
+            expect(getBlocklistSize()).toBeGreaterThan(200000);
+            expect(getDeltaSize()).toBe(0);
+        });
+
+        test("returns false for clean domains against vendored list", () => {
+            expect(isPhishingDomain("google.com")).toBe(false);
+            expect(isPhishingDomain("github.com")).toBe(false);
+        });
+
+        test("returns false for empty/null hostname", () => {
+            expect(isPhishingDomain("")).toBe(false);
+            expect(isPhishingDomain(null)).toBe(false);
+        });
+    });
+
+    describe("delta (loadConfig) + isPhishingDomain", () => {
+        test("detects domains loaded into delta via loadConfig", () => {
+            loadConfig({
+                blacklist: ["evil-phishing.com", "scam-swap.xyz"],
+                whitelist: [],
+            });
+            expect(isPhishingDomain("evil-phishing.com")).toBe(true);
+            expect(isPhishingDomain("scam-swap.xyz")).toBe(true);
+        });
+
+        test("detects subdomain of delta-blacklisted domain", () => {
+            loadConfig({
+                blacklist: ["evil-phishing.com"],
+                whitelist: [],
+            });
+            expect(isPhishingDomain("app.evil-phishing.com")).toBe(true);
+            expect(isPhishingDomain("sub.app.evil-phishing.com")).toBe(true);
+        });
+
+        test("delta whitelist overrides delta blacklist", () => {
+            loadConfig({
+                blacklist: ["metamask.io"],
+                whitelist: ["metamask.io"],
+            });
+            expect(isPhishingDomain("metamask.io")).toBe(false);
+        });
+
+        test("delta whitelist on parent domain overrides blacklist", () => {
+            loadConfig({
+                blacklist: ["sub.legit.com"],
+                whitelist: ["legit.com"],
+            });
+            expect(isPhishingDomain("sub.legit.com")).toBe(false);
+        });
+
+        test("case-insensitive matching in delta", () => {
+            loadConfig({
+                blacklist: ["Evil-Phishing.COM"],
+                whitelist: [],
+            });
+            expect(isPhishingDomain("evil-phishing.com")).toBe(true);
+            expect(isPhishingDomain("EVIL-PHISHING.COM")).toBe(true);
+        });
+
+        test("getDeltaSize reflects loaded delta", () => {
+            loadConfig({
+                blacklist: ["a.com", "b.com", "c.com"],
+                whitelist: ["d.com"],
+            });
+            expect(getDeltaSize()).toBe(3);
+        });
+
+        test("re-loading config replaces previous delta", () => {
+            loadConfig({
+                blacklist: ["old-scam.com"],
+                whitelist: [],
+            });
+            expect(isPhishingDomain("old-scam.com")).toBe(true);
+
+            loadConfig({
+                blacklist: ["new-scam.com"],
+                whitelist: [],
+            });
+            expect(isPhishingDomain("old-scam.com")).toBe(false);
+            expect(isPhishingDomain("new-scam.com")).toBe(true);
+        });
+
+        test("handles config with no blacklist/whitelist keys", () => {
+            loadConfig({});
+            expect(getDeltaSize()).toBe(0);
+        });
+    });
+
+    describe("real-world MetaMask blocklist patterns (via delta)", () => {
+        test("detects known phishing domains loaded as delta", () => {
+            loadConfig({
+                blacklist: [
+                    "uniswap-trade.web.app",
+                    "hopprotocol.pro",
+                    "blast-pools.pages.dev",
+                ],
+                whitelist: [],
+            });
+            expect(isPhishingDomain("uniswap-trade.web.app")).toBe(true);
+            expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
+            expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
+        });
+
+        test("delta whitelist overrides vendored blacklist entries", () => {
+            // If a domain is in the vendored blacklist but a fresh whitelist
+            // update adds it, the whitelist should win.
+            loadConfig({
+                blacklist: [],
+                whitelist: ["opensea.io", "metamask.io", "etherscan.io"],
+            });
+            expect(isPhishingDomain("opensea.io")).toBe(false);
+            expect(isPhishingDomain("metamask.io")).toBe(false);
+            expect(isPhishingDomain("etherscan.io")).toBe(false);
+        });
+    });
+
+    describe("delta + vendored interaction", () => {
+        test("delta blacklist entries are found even with empty vendored match", () => {
+            // This domain is (almost certainly) not in the vendored list
+            const uniqueDomain =
+                "test-unique-domain-not-in-vendored-" +
+                Date.now() +
+                ".example.com";
+            expect(isPhishingDomain(uniqueDomain)).toBe(false);
+
+            loadConfig({
+                blacklist: [uniqueDomain],
+                whitelist: [],
+            });
+            expect(isPhishingDomain(uniqueDomain)).toBe(true);
+        });
+
+        test("getBlocklistSize includes both vendored and delta", () => {
+            const baseSize = getBlocklistSize();
+            loadConfig({
+                blacklist: ["new-a.com", "new-b.com"],
+                whitelist: [],
+            });
+            expect(getBlocklistSize()).toBe(baseSize + 2);
+        });
+    });
+});