SlowMist Cosine: GMGN hackers stole user funds by withdrawing from the Pixiu trading platform, making a profit of over $700,000


SlowMist Cosine posted on the X platform, saying: "After reviewing the dozens of stolen intelligence reports related to GMGN submitted to us, the commonality is: users' private keys were not leaked, but SOL and BNB were all bought into the Pixiu pool (meaning they can only be bought and not sold). Hackers mainly took away users' funds by withdrawing from the Pixiu pool, making profits of over 700,000 USD. The cause of this situation (not private key leakage) is probably a more advanced phishing method. Since GMGN has already fixed the related issues, it is not easy to reproduce. It is speculated to be related to the GMGN account mode. Users visit phishing websites, where the phishing websites obtain the user's GMGN account mode login signature information, such as access_token and refresh_token values, and take over the user's account permissions, but without the user's 2FA, they cannot directly export private keys or withdraw funds. Therefore, they use the Pixiu pool to achieve 'cross-trading' attacks on user funds, indirectly stealing user assets."