CoinMarketCap hacked: Fake Web3 popup drained crypto wallets

Summary
– CoinMarketCap experienced a supply chain attack where a malicious script injected via a homepage “doodle” image drained crypto from visitors’ wallets.
– The attack exploited a vulnerability in an API call, displaying fake Web3 popups that mimicked legitimate wallet connection requests.
– Cybersecurity firm c/side confirmed the breach targeted a third-party tool, making it hard to detect as it exploited trusted platform elements.
– Attackers stole $43,266 from 110 victims, with evidence shared on a French-speaking Telegram channel.
– Wallet drainers are a growing threat, stealing nearly $500 million in 2024, prompting Mozilla to enhance detection in browser add-ons.
CoinMarketCap recently fell victim to a sophisticated cyberattack that compromised user crypto wallets through a deceptive Web3 popup. The incident occurred when visitors to the popular cryptocurrency tracking platform encountered fraudulent prompts asking them to connect their digital wallets. Unbeknownst to users, these popups contained malicious scripts designed to siphon funds from connected accounts.
Investigations revealed that hackers exploited a vulnerability in the site’s homepage doodle image, injecting harmful JavaScript code via a manipulated API call. This supply chain attack bypassed CoinMarketCap’s security by targeting a third-party resource rather than the platform’s own servers. Once executed, the script displayed a convincing but fake wallet connection request, tricking users into approving unauthorized transactions.
CoinMarketCap’s security team responded swiftly, removing the compromised content and implementing measures to prevent further exploitation. In a public statement, the company assured users that all systems were restored and deemed secure. However, cybersecurity experts noted the growing sophistication of such attacks, which leverage trusted platform elements to evade detection.
According to cybersecurity firm c/side, the malicious payload originated from an external domain, static.cdnkit[.]io, and was designed to mimic legitimate Web3 interactions. A threat actor known as Rey later shared evidence of the attack’s success, revealing that $43,266 was stolen from 110 victims before the breach was contained.
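The mechanism described above, a content feed whose response carried a script tag pointing at an outside domain, is the kind of thing a platform can check for before it renders third-party content. The following is an added example written for this article; it is not code from CoinMarketCap, c/side or BleepingComputer. It audits every string field of a JSON API response (such as a homepage doodle feed) for `<script>` tags and reports any that are inline or whose origin is not on a first-party allowlist. The first-party origin `https://example-first-party.test`, the field names in the sample response and the sample response itself are all constructed assumptions; the only real value is the domain that c/side reported, written undefanged so the URL parser accepts it.

```javascript
// Added example (not CoinMarketCap's, c/side's or BleepingComputer's code): audit
// a third-party content API response for injected <script> tags before rendering.

// Assumption: placeholder first-party origin used both as the allowlist entry and
// as the base for resolving relative src values.
const FIRST_PARTY_ORIGIN = "https://example-first-party.test";
const ALLOWED_SCRIPT_ORIGINS = new Set([FIRST_PARTY_ORIGIN]);

// Find every <script ...> opening tag in an HTML fragment and pull out its src, if any.
function extractScriptTags(html) {
  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const found = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const s = srcRe.exec(m[1]);
    found.push({ tag: m[0], src: s ? (s[1] ?? s[2] ?? s[3]) : null });
  }
  return found;
}

// Classify one script tag: "inline" when it has no src, otherwise resolve the src
// against the first-party origin and compare its origin with the allowlist.
function classifyScript(tag, allowed) {
  if (tag.src === null) return { ...tag, origin: null, verdict: "inline" };
  let origin;
  try {
    origin = new URL(tag.src, FIRST_PARTY_ORIGIN).origin;
  } catch {
    return { ...tag, origin: null, verdict: "malformed" };
  }
  return { ...tag, origin, verdict: allowed.has(origin) ? "allowed" : "unexpected" };
}

// Return only the script tags in a fragment that a platform should refuse to render.
function auditFragment(html, allowed = ALLOWED_SCRIPT_ORIGINS) {
  return extractScriptTags(html)
    .map((t) => classifyScript(t, allowed))
    .filter((r) => r.verdict !== "allowed");
}

// Walk a JSON response recursively; injected markup can sit in any string field,
// so every string is audited and each finding records the JSON path it came from.
function auditApiResponse(json, allowed = ALLOWED_SCRIPT_ORIGINS, path = "$") {
  const findings = [];
  if (typeof json === "string") {
    for (const f of auditFragment(json, allowed)) findings.push({ path, ...f });
  } else if (Array.isArray(json)) {
    json.forEach((v, i) => findings.push(...auditApiResponse(v, allowed, `${path}[${i}]`)));
  } else if (json !== null && typeof json === "object") {
    for (const [k, v] of Object.entries(json)) {
      findings.push(...auditApiResponse(v, allowed, `${path}.${k}`));
    }
  }
  return findings;
}

// Constructed sample response for a doodle feed. The description carries an external
// script from the domain c/side reported; the footer carries an inline script; the
// credits link loads a relative first-party script and should pass.
const SAMPLE_RESPONSE = {
  id: 42,
  title: "Launch day doodle",
  imageUrl: `${FIRST_PARTY_ORIGIN}/doodles/launch.png`,
  description: 'Celebrate with us! <script src="https://static.cdnkit.io/loader.js"></script>',
  footer: "<script>window.__injected = true</script>",
  credits: { author: "design team", link: '<script src="/assets/safe.js"></script>' },
};

// Running the file directly prints the findings for the sample response.
console.log(JSON.stringify(auditApiResponse(SAMPLE_RESPONSE), null, 2));
```

A platform that consumes such a feed would run `auditApiResponse` on the raw JSON and refuse to inject any fragment with findings into the DOM (or strip the tags and alert), rather than trusting the feed because it is a known supplier. The regex parser is deliberately simple; in production the same allowlist is better enforced by a `script-src` Content Security Policy, which the browser applies even to markup that slips past server-side checks.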
Wallet drainers have become an increasingly prevalent threat in the crypto space, with attackers employing social media scams, fake ads, and even malicious browser extensions to distribute their scripts. Recent data shows these schemes stole nearly $500 million in 2024 alone, affecting over 300,000 wallet addresses. The surge in such attacks has prompted platforms like Mozilla to enhance security measures, including new systems to detect wallet-draining malware in browser extensions.
As crypto adoption grows, so does the need for heightened vigilance. Users are advised to scrutinize unexpected wallet connection requests and verify the authenticity of Web3 interactions before approving transactions. Platforms, meanwhile, must prioritize third-party risk assessments to prevent similar supply chain breaches in the future.
(Source: Bleeping Computer)