According to Wu Shuo, SlowMist Yuxian said on social media that they received an incident in which a user's exchange account was maliciously counter-traded and millions of dollars of assets were stolen. The team is following up and analyzing it. The exchange's Web-side attack methods are diverse, including using malicious extensions to take away cookies, clipboard attacks, form tampering, request tampering, etc. In addition to malicious extensions, reverse proxy phishing, Trojan viruses, etc. are also feasible attack methods. The Web side has many security shortcomings, so the risk control strategy should be higher than the App side. It is reported that the thief is likely to be a habitual offender.