- Cointelegraph and CoinMarketCap both suffered front-end security breaches in late June.
- Attackers used fake pop-ups to trick users into connecting their crypto wallets, putting funds at risk.
- The incidents involved deceptive ads and malicious JavaScript code to trigger wallet-draining schemes.
- Cointelegraph and security firm Scam Sniffer confirmed that user assets could be stolen if wallets were connected.
- Former Binance CEO Changpeng Zhao reported losses totaling $18,570 from the CoinMarketCap incident, highlighting a trend in targeting crypto information sites.
On June 22, Cointelegraph confirmed a security breach that exposed users to a fraudulent pop-up on its website. The pop-up asked visitors to connect their crypto wallets, which could allow attackers to access and drain funds. The breach affected the front end of the site, with scammers promoting a fake Cointelegraph token (CTG) and an unauthorized initial coin offering (ICO).
Blockchain security platform Scam Sniffer first identified the compromise, reporting that attackers tried to trick users into granting wallet access. The group traced the issue to a JavaScript payload hidden in an advertisement banner, originating from a domain similar to known ad services. Cointelegraph responded in a public statement, advising users not to interact with pop-ups offering “CTG tokens” or advertising Cointelegraph ICO airdrops.
“Our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage,” CoinMarketCap shared on social media after dealing with a similar attack on June 20. That incident involved a fake wallet prompt caused by a malicious script embedded in a doodle image. The company stated that the vulnerability temporarily disrupted the site’s homepage before it was resolved.
Both incidents used nearly identical tactics: inserting deceptive pop-ups using malicious JavaScript code delivered via site advertisements. Attackers attempted to trick users into connecting their wallets to fraudulent services, putting user funds in danger. This method relies on exploiting ad infrastructures and injecting unauthorized code.
Former Binance CEO Changpeng Zhao noted on social media that 39 people were affected in the CoinMarketCap breach, with combined losses of $18,570. He called attention to a pattern of attackers targeting crypto information websites with wallet-draining Scams. Zhao advised users to avoid interacting with unfamiliar decentralized applications (dApps) and to monitor wallet activity closely to reduce risk.
These coordinated attacks underline the importance of vigilance among crypto users, who should avoid connecting their wallets to suspicious prompts and verify all platform communications. Both Cointelegraph and CoinMarketCap are continuing to investigate and remove any remaining security threats.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Rising Global Tensions Drive Gold Prices Higher Amid Conflict Fears
- Metaplanet Now Eighth-Largest Bitcoin Holder After $118M Buy
- OKX Considers US IPO After Relaunch Amid Regulatory Scrutiny in Asia
- Bitcoin Recovers Above $101K After US-Israel Strikes on Iran
- B3 Unveils Crypto Gaming PC With Self-Destruct Security Drive
