CoinVoice has recently learned that Yu Xian, the founder of SlowMist, disclosed on the X platform an XSS attack targeting the cryptocurrency industry. The attacker exploited an XSS vulnerability in the cryptocurrency media site Cointelegraph to lure target users into opening a link to the official Cointelegraph website (carrying a malicious XSS script). Once the link is opened, the following happens:
The malicious script is loaded and executed; the address bar is set to a suspicious address (which at first glance appears to be an unreleased draft from the official site); a fake 'Sign in with X' box then pops up; clicking 'Sign in with X' opens the third-party app authorization page for X, where the permissions list contains a large blank space; and if you are not careful and click authorize, the attacker takes over your X-related permissions.
This type of phishing, which involves a small amount of exploitation, is even more difficult for the public to defend against and calls for extra caution.