PANews reported on November 28 that SlowMist founder Yu Xian disclosed, on the X platform, an XSS attack targeting the crypto industry. The attacker exploited an XSS vulnerability in the website of the crypto media outlet Cointelegraph to trick the target user into opening a link to the official Cointelegraph website that carried a malicious XSS script. The attack then proceeded as follows: the malicious script was loaded and executed; the address bar was set to a suspicious address (I thought it was an unreleased official draft); a fake "Sign in with X" box popped up; and after the user clicked "Sign in with X", X's third-party application authorization page opened, with a large blank area left in the permission list. If you didn't notice this and clicked to authorize, your X-related permissions would be taken over by the attacker. Phishing that is combined with a little vulnerability exploitation in this way is even more difficult for the general public to guard against, so you need to pay more attention.