According to Odaily, the founder of SlowMist, Yu Xian, has reported a case of a user's CEX account being maliciously manipulated, resulting in the theft of assets worth a million dollars. The team is currently investigating and analyzing the incident.
Yu Xian pointed out that there are numerous methods of attacking the CEX web platform. These include malicious extensions that steal cookies, clipboard attacks, form alterations, and request modifications. Apart from malicious extensions, other viable methods include reverse proxy phishing and Trojan viruses.
The web platform has many inherent vulnerabilities, making it a prime target for such attacks. Therefore, risk control strategies for the web platform need to be more stringent than those for the app platform.