Golden Finance reported that Yu Xian, the founder of Slow Mist, published an article stating that attackers used the XSS vulnerability of the Cointelegraph website to trick target users into opening the Cointelegraph official website link (with XSS malicious script), so: - Malicious scripts are loaded and executed; - The address bar is set to https://cointelegraph[.]com/not-public/drafts/article-1033. At first glance, I thought it was an official unreleased draft; - Then the fake Sign in with X box pops up; - After clicking Sign in with X, open the third-party application authorization of