The first Trillion Dollar Security (1TS) report reveals that most Ethereum wallets rely on insecure key-storage methods, such as plaintext seed phrases, and lack built-in tools to manage or revoke token approvals, leaving users exposed to phishing and malicious contracts.

Claim

Quotes that support claims

Most widely used software wallets rely on users securely storing seed phrases representing their underlying cryptographic private key, which often leads them to use insecure workarounds like storing seed phrases in plaintext, on cloud services, or writing them down on paper.
This can expose users to malicious apps or compromised frontends, because the default pattern for many users is to grant unlimited approvals which can be used to drain their funds.
There is no way for users to manage or review their outstanding approvals from within most wallets.

Referenced by

End-user risks - UX & smart contract security

Crypto news
