I looked at dozens of theft reports related to GMGN that were submitted to us, and the commonality is: the users' private keys were not leaked, but SOL and BNB were bought into a Pi Xiu pool (which can only buy and not sell). These Pi Xiu pools were created from the following two addresses: BSC: 0xF130B08341F9e305894bE3618EE55eedcccD2ee0 Solana: 88tpuCQchoyABszFDbrcD7hvkaUS3CAoJb94nFRT1MHU The hacker mainly rolled away users' funds by withdrawing from the Pi Xiu pool, profiting over 700,000 USD. The cause of this situation (and not a private key leak) is likely due to a more advanced phishing method. Since GMGN has already fixed the related issues, reproducing it is not easy. I suspect it is related to the GMGN account model, where users visit a phishing website, and the phishing site obtains the login signature information of the user's GMGN account model, such as the access_token and refresh_token values, taking over the user's account permissions. However, without the user's 2FA, they cannot directly export the private key or withdraw funds, so they implement a "wash trading" attack through the Pi Xiu pool to indirectly steal users' assets. I have practiced this kind of advanced phishing exploitation on a certain platform, which was very grateful and fixed it. But regarding this incident with GMGN, only GMGN knows the specific exploitation method; I am just making a guess. Time is limited, and I will find time to look deeper into the new exploit.