Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.
First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.
Often these stories are posted by engagement farmers on X, and they tend to have incomplete and sometimes even completely wrong information. There was one about a market maker these days, completely fabricated and not even the basic information within it was correct.
Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.
In terms of bookmarklet and bookmarks, I believe that this is just a case where most people will use the word bookmark when referring to either one of those and in most cases it is fine. I think that your advice on the disuse of bookmarklets is insufficient, the problem here is much deeper. JavaScript is an abomination and extremely insecure, but so is the interpreter the browser. So extension wallets with a browser that accepts JavaScript is a security nightmare. However, the fault is most often with the users. If we take an analysis at those that get hacked in these stories, we will often find that they have no justifiable reason for keeping a large amount of money in the Extension wallet (such as high speed but manual DeFi trading would require). They are either just lazy or stupid. There is no reason to have $10k, $30k on an extension wallet unless you have $30-$300m in your hardware wallet. In that case though, I expect the person not to complain but humbly accept the expected loss.
That's a weird part—how will bookmarking become JavaScript itself? You might be talking about bookmarklets, not bookmarking, since when we bookmark a page, it only saves the URL and the name of the page, not the JavaScript from the site.
The other option is to have that Javascript if you downloaded the page that includes all things from the site downloaded locally on your device that you can open offline and execute all codes, including the HTML, CSS, images, and Javascripts.
There is no need to write the same thing that d5000 wrote with different phrasing and to use AI too to do it.
Bookmarking should have nothing to do with compromising our wallet. The one who is a victim from the OP might have been infected already before the hacking happened.
Your general statement is useless and wrong. This was a targeted attack with malicious JavaScript.
