Wu said that Slow Fog founder Yu Xian disclosed an XSS attack targeting the cryptocurrency industry. The attacker exploited an XSS vulnerability on the cryptocurrency media website Cointelegraph to lure target users into opening a link to the Cointelegraph official website (which contained XSS malicious script). As a result: the malicious script was loaded and executed; the address bar was set to a suspicious address (which at first glance looked like an official unpublished draft); then a fake 'Sign in with X' box popped up; after clicking 'Sign in with X', the third-party application authorization for X opened, and the permissions list had a large blank space. If you inadvertently clicked authorize without paying attention at this point, your X-related permissions would be taken over by the attacker. Such phishing that slightly exploits vulnerabilities is particularly difficult for the public to guard against and requires extra caution.