
Crypto News Sites Hacked to Drain Wallets via Pop-Ups

Summary

– CoinMarketCap and CoinTelegraph were compromised, serving phishing pop-ups that tricked users into connecting crypto wallets.
– The CoinMarketCap attack involved a malicious pop-up triggered by a third-party “doodle” image, stealing $21,624.47 from 76 users.
– Attackers manipulated an API request to inject hidden JavaScript, creating a realistic overlay to steal wallet credentials or private keys.
– The incident was a supply chain attack, exploiting a trusted third-party resource rather than directly breaching CoinMarketCap’s servers.
– Both attacks were linked to Inferno Drainer, a “Drainer-as-a-Service” group, and the sites have since been secured.

Major cryptocurrency news platforms CoinMarketCap and CoinTelegraph were recently hacked, exposing visitors to sophisticated phishing pop-ups designed to steal wallet credentials. The incidents highlight growing concerns about supply chain vulnerabilities in the crypto space, where attackers exploit trusted third-party services to bypass security measures.

CoinMarketCap, a leading crypto data aggregator, confirmed its homepage displayed fraudulent pop-ups on June 20, 2025. The malicious overlay urged users to connect their wallets to maintain account access, mimicking legitimate prompts. Security firm Blockaid traced the attack to a compromised third-party “doodle” image, which injected harmful JavaScript code through an API call.

The script cleverly disguised itself, executing only once per session while hiding genuine site elements. When users clicked “Connect Wallet,” the code attempted to link to their crypto wallets (such as MetaMask or Phantom), redirecting credentials to attacker-controlled domains. CoinMarketCap later disclosed that 76 users lost a combined $21,624.47, with promises of full reimbursement.

Experts from c/side, a cybersecurity startup, dissected the attack, revealing how hackers manipulated the API response to include hidden JavaScript. This code not only triggered deceptive overlays but also detected wallet types, customized phishing flows, and even displayed fake errors to pressure victims into retrying.

The breach exemplifies a supply chain attack: hackers didn’t infiltrate CoinMarketCap directly but hijacked a trusted external resource. Such client-side exploits bypass traditional defenses like firewalls, leveraging user trust in reputable platforms.
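One way a site can guard against a tampered third-party response like the one described above is to validate it against a strict allowlist before anything reaches the page. The sketch below is an added example, not code from CoinMarketCap, Blockaid or c/side; the field names (`imageUrl`, `altText`, `linkUrl`), the asset host and both sample payloads are assumptions constructed for illustration.

```javascript
// Added example: field names, hosts and sample payloads are constructed, not from the incident.
const ALLOWED_KEYS = new Set(["imageUrl", "altText", "linkUrl"]);
const ALLOWED_HOSTS = new Set(["static.example-cdn.test"]); // hypothetical asset host
const IMAGE_EXT = /\.(png|jpe?g|gif|webp)$/i;

// Accept only absolute https URLs on an allowlisted host (and, for images, a raster path).
function checkUrl(value, label, reasons, requireImage) {
  let url;
  try {
    url = new URL(value);
  } catch {
    reasons.push(`${label}: not an absolute URL`);
    return;
  }
  if (url.protocol !== "https:") reasons.push(`${label}: scheme ${url.protocol} not allowed`);
  if (!ALLOWED_HOSTS.has(url.hostname)) reasons.push(`${label}: host ${url.hostname} not allowlisted`);
  if (requireImage && !IMAGE_EXT.test(url.pathname)) reasons.push(`${label}: not a raster image path`);
}

// Reject the whole response if it carries any field or value outside the expected shape.
function validateDoodle(payload) {
  const reasons = [];
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return { ok: false, reasons: ["payload is not an object"] };
  }
  for (const [key, value] of Object.entries(payload)) {
    if (!ALLOWED_KEYS.has(key)) reasons.push(`unexpected field: ${key}`);
    else if (typeof value !== "string") reasons.push(`${key}: must be a string`);
  }
  if (typeof payload.imageUrl === "string") checkUrl(payload.imageUrl, "imageUrl", reasons, true);
  else if (!("imageUrl" in payload)) reasons.push("imageUrl: missing");
  if (typeof payload.linkUrl === "string") checkUrl(payload.linkUrl, "linkUrl", reasons, false);
  if (typeof payload.altText === "string" && (/[<>]/.test(payload.altText) || payload.altText.length > 120)) {
    reasons.push("altText: markup or excessive length");
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed samples: one expected response, one carrying an extra script-bearing field.
const cleanSample = { imageUrl: "https://static.example-cdn.test/doodles/summer.png", altText: "Summer doodle" };
const tamperedSample = {
  imageUrl: "https://static.example-cdn.test/doodles/summer.png",
  altText: "Summer doodle",
  animation: { markup: "<script src='https://other.example.test/x.js'></script>" },
};

console.log(validateDoodle(cleanSample));
console.log(validateDoodle(tamperedSample));
```

Accepted fields should then be written to the page with `setAttribute` and `textContent` rather than `innerHTML`, so that a value which slips past validation is still treated as data and not markup.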

CoinTelegraph also fell victim, with its banner system briefly compromised on June 21. Attackers pushed a fake token airdrop ad, likely tied to Inferno Drainer, a notorious “Drainer-as-a-Service” operation linked to hundreds of millions in crypto thefts.

Both platforms have since resolved the issues, implementing stricter security protocols. These incidents serve as a stark reminder for users to scrutinize unexpected wallet connection requests, even on trusted sites. As phishing tactics grow more sophisticated, vigilance remains the best defense against digital asset theft.

For real-time updates on emerging threats, consider subscribing to cybersecurity alerts. Staying informed could mean the difference between safeguarding your assets and falling prey to the next attack.

(Source: NewsAPI Cybersecurity & Enterprise)
