Wow... that looks to me like they're injecting their affiliate code to some URLs which the user would have to type in manually, like "binance.com", "coinbase.com/join", or "trezor.io/product/trezor-one-metallic". That's affiliate fraud -- Brave is not responsible for referring the user to those URLs, so it's inappropriate for them to claim credit for the referral. I'd be shocked if the parties involved didn't terminate Brave's affiliate account upon discovering this.