Golden Finance reports that Yu Xian, the founder of SlowMist, stated on X that attackers exploited an XSS vulnerability on the Cointelegraph website to trick targeted users into opening a link to the official Cointelegraph site (which contained a malicious XSS script), resulting in:

- The malicious script being loaded and executed;
- The address bar being set to https://cointelegraph[.]com/not-public/drafts/article-1033, making the page look like an official unpublished draft;
- A counterfeit 'Sign in with X' box popping up;
- After the user clicks 'Sign in with X', the third-party application authorization page for X opening, with a large blank space left in the permissions list.

If the user clicks authorize without paying attention, the permissions related to the X platform will be taken over by the attacker.