According to Odaily Planet Daily, SlowMist Yuxian posted on the X platform: "After reviewing dozens of theft intelligence reports related to GMGN submitted to us, we found a common trait: users' private keys were not leaked, but all SOL and BNB were purchased on the Pixiu platform (i.e., buy only, no selling). The hackers mainly siphoned off user funds by withdrawing the Pixiu platform from the pool, making a profit of over $700,000."
This situation (which is not a private key leak) is likely caused by a more advanced phishing attack. Since GMGN has already fixed the issue, reproducing it is difficult. We suspect it's related to the GMGN account model. Users visit phishing websites, which obtain the user's GMGN account model login signature information, such as the access_token and refresh_token values, and take over the user's account permissions. However, without the user's 2FA, they can't directly export private keys or withdraw funds. Therefore, they use the Pixiu platform to launch a "counter-knocking" attack on user funds, indirectly stealing user assets.
