Fake Web3 Wallet Scam Costs CoinMarketCap Users $43K

Summary
– CoinMarketCap suffered a cyber-attack exposing users to a fake Web3 wallet prompt that stole funds from connected wallets before being contained.
– The breach involved a compromised homepage “doodle” image, which loaded a malicious script via a tampered API call, triggering a wallet-draining popup.
– Cybersecurity firm c/side identified the attack as a supply chain attack, exploiting a trusted third-party resource rather than CoinMarketCap’s servers directly.
– Attackers stole $43,266 from 110 wallets, with evidence suggesting the perpetrators communicated in French, as revealed by a threat actor’s dashboard screenshot.
– Wallet providers like MetaMask and Phantom flagged CoinMarketCap as unsafe, and the incident raised renewed concerns about the platform’s security history.
A sophisticated phishing attack recently targeted CoinMarketCap users, tricking them into connecting their crypto wallets to a malicious Web3 prompt that siphoned over $43,000 in digital assets. The incident, which unfolded on June 20, involved a deceptive popup disguised as a legitimate wallet connection request. Once users approved the link, a hidden script drained their funds without warning.
Investigations revealed the attack originated from a compromised “doodle” image on CoinMarketCap’s homepage. Hackers manipulated an API call to inject malicious JavaScript, which then loaded a wallet-draining script from an external domain. The platform swiftly removed the tampered content and assured users that systems were secured, but not before 110 wallets fell victim to the scam.
Cybersecurity experts classified this as a supply chain attack, emphasizing how hackers exploited a trusted third-party resource rather than breaching CoinMarketCap’s servers directly. Such tactics are notoriously hard to detect since they leverage seemingly harmless components of a website’s infrastructure.
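One defensive check against the pattern described above, as an added example that is not taken from the article, c/side or CoinMarketCap: audit a third-party "doodle" payload before rendering it, flagging active content and any URL whose host is not allowlisted. The payload shape, the hostnames and the function names are assumptions constructed for illustration.

```javascript
// Hosts the site is willing to load doodle assets from (assumed value).
const ALLOWED_HOSTS = new Set(["static.example.com"]);

// Markup that has no place in data describing an image or animation.
const ACTIVE_CONTENT = [
  /<\s*script\b/i,
  /\bjavascript\s*:/i,
  /\bon[a-z]+\s*=/i, // inline event handlers such as onload=
  /<\s*(iframe|object|embed)\b/i,
];
// Absolute and protocol-relative URLs embedded anywhere in a string value.
const URL_RE = /(?:https?:)?\/\/[^\s"'<>)]+/gi;

function inspectString(path, value, findings) {
  for (const re of ACTIVE_CONTENT) {
    if (re.test(value)) findings.push({ path, reason: "active content", match: String(re) });
  }
  for (const raw of value.match(URL_RE) || []) {
    let host;
    try {
      host = new URL(raw, "https://placeholder.invalid").hostname;
    } catch {
      findings.push({ path, reason: "unparseable URL", match: raw });
      continue;
    }
    if (!ALLOWED_HOSTS.has(host)) findings.push({ path, reason: "host not allowlisted", match: host });
  }
}

// Walk every string in the parsed JSON, recording a JSONPath-like location for each finding.
function auditPayload(node, path = "$", findings = []) {
  if (typeof node === "string") inspectString(path, node, findings);
  else if (Array.isArray(node)) node.forEach((v, i) => auditPayload(v, `${path}[${i}]`, findings));
  else if (node && typeof node === "object")
    for (const [k, v] of Object.entries(node)) auditPayload(v, `${path}.${k}`, findings);
  return findings;
}

// Constructed sample payloads (not real API responses).
const cleanDoodle = {
  name: "summer",
  assets: [{ id: "img_0", src: "https://static.example.com/doodle/summer.png" }],
};
const tamperedDoodle = {
  ...cleanDoodle,
  layers: [{ nm: '<script src="https://cdn.attacker.invalid/popup.js"></script>' }],
};

console.log(auditPayload(cleanDoodle));
console.log(auditPayload(tamperedDoodle));
```

A payload with any finding should be rejected rather than rendered; a Content-Security-Policy that restricts script sources to the same allowlist covers the case where the audit is bypassed.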
Screenshots shared by a threat actor known as Rey exposed the attacker’s dashboard, confirming the stolen amount and revealing communications in French. Wallet providers like MetaMask and Phantom quickly flagged CoinMarketCap as unsafe, with Phantom displaying urgent browser warnings to prevent further losses.
The fraudulent prompt specifically targeted ERC-20 tokens, a widely used standard for cryptocurrencies. While vigilant users on forums helped mitigate the damage, the breach has raised fresh concerns about CoinMarketCap’s security history. The platform, owned by Binance, previously suffered a 2021 data leak exposing millions of email addresses. As a top destination for crypto data, it remains a prime target for cybercriminals.
This incident underscores the growing sophistication of wallet-draining scams, which have siphoned hundreds of millions from unsuspecting users. Experts urge crypto holders to double-check connection requests and enable additional security layers to safeguard their assets.
(Source: InfoSecurity Magazine)