加密社区遭遇新型 X 账户劫持攻击，可绕过双重认证

链捕手

Sep 26, 2025

ChainCatcher 消息，加密货币开发者 Zak Cole 披露，一种新型钓鱼攻击正在针对加密社区成员的 X（原 Twitter）账户。该攻击通过伪装成 Google Calendar 应用的授权请求，诱导用户授予完整账户控制权限。攻击者利用 X 平台的应用授权机制，可完全绕过密码和双重认证。

MetaMask 安全研究员已确认该攻击在野外活跃。建议用户访问 X 的已连接应用页面，检查并撤销可疑的 “Calendar” 应用授权以确保账户安全。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2570117020"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2570117020\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2570117020?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-09-26 11:24","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2570117020","market":"nz","top_or_hot":-1,"title":"加密社区遭遇新型 X 账户劫持攻击，可绕过双重认证","media":"链捕手","content":"<html><body><p>ChainCatcher 消息，加密货币开发者 Zak Cole 披露，一种新型钓鱼攻击正在针对加密社区成员的 X（原 Twitter）账户。该攻击通过伪装成 Google Calendar 应用的授权请求，诱导用户授予完整账户控制权限。攻击者利用 X 平台的应用授权机制，可完全绕过密码和双重认证。</p><p>MetaMask 安全研究员已确认该攻击在野外活跃。建议用户访问 X 的已连接应用页面，检查并撤销可疑的 “Calendar” 应用授权以确保账户安全。</p></body></html>","source":null,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>加密社区遭遇新型 X 账户劫持攻击，可绕过双重认证</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n加密社区遭遇新型 X 账户劫持攻击，可绕过双重认证\n</h2>\n\n<h4 class=\"meta\">\n\n\n<a class=\"head\" href=\"https://laohu8.com/wemedia/1041503808\">\n\n\n<div class=\"h-thumb\" style=\"background-image:url(https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5);background-size:cover;\"></div>\n\n<div class=\"h-content\">\n<p class=\"h-name\">链捕手 </p>\n<p class=\"h-time\">2025-09-26 11:24</p>\n</div>\n\n</a>\n\n\n</h4>\n\n</header>\n<article>\n<html><body><p>ChainCatcher 消息，加密货币开发者 Zak Cole 披露，一种新型钓鱼攻击正在针对加密社区成员的 X（原 Twitter）账户。该攻击通过伪装成 Google Calendar 应用的授权请求，诱导用户授予完整账户控制权限。攻击者利用 X 平台的应用授权机制，可完全绕过密码和双重认证。</p><p>MetaMask 安全研究员已确认该攻击在野外活跃。建议用户访问 X 的已连接应用页面，检查并撤销可疑的 “Calendar” 应用授权以确保账户安全。</p></body></html>\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4534","symbol_name":"瑞士信贷持仓","start_time":0,"source_url":"https://www.chaincatcher.com/article/2208678","article_id":"2570117020","we_media_id":"1041503808","thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2570117020","pubTimestamp":1758857085,"columns":[],"sourceInfo":null,"weMediaInfo":{"media_name":"链捕手","introduction":"链捕手ChainCatcher 成立于 2018 年，是一家领先的中文 Web3 媒体及数据服务商。","home_visible":1,"id":"1041503808","head_image":"https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5"},"summary":" ChainCatcher 消息，加密货币开发者 Zak Cole 披露，一种新型钓鱼攻击正在针对加密社区成员的 X（原 Twitter）账户。该攻击通过伪装成 Google Calendar 应用的授权请求，诱导用户授予完整账户控制权限。攻击者利用 X 平台的应用授权机制，可完全绕过密码和双重认证。MetaMask 安全研究员已确认该攻击在野外活跃。建议用户访问 X 的已连接应用页面，检查并撤销可疑的 “Calendar” 应用授权以确保账户安全。 ","collect":0,"end_time":0,"defaultTopTitle":"","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4534":"瑞士信贷持仓","BK4508":"社交媒体","BK4077":"互动媒体与服务","TWTR":"Twitter","BK4579":"人工智能","BK4516":"特朗普概念"},"translate_title":"Crypto Community Hits New X Account Hijacking Attack That Bypasses Two-Factor Authentication","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"TWTR":0.9},"content_text":"ChainCatcher 消息，加密货币开发者 Zak Cole 披露，一种新型钓鱼攻击正在针对加密社区成员的 X（原 Twitter）账户。该攻击通过伪装成 Google Calendar 应用的授权请求，诱导用户授予完整账户控制权限。攻击者利用 X 平台的应用授权机制，可完全绕过密码和双重认证。MetaMask 安全研究员已确认该攻击在野外活跃。建议用户访问 X 的已连接应用页面，检查并撤销可疑的 “Calendar” 应用授权以确保账户安全。","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"-1","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}