CoinMarketCap and Cointelegraph Suffer Security Breaches from Wallet Hacks
On June 20, 2025, CoinMarketCap and other major crypto sites experienced a hack prompting users to connect their wallets. The malicious pop-up aimed to steal wallet information.
The attack, which affected 39 victims with over $18K lost, involved injected JavaScript code that created a realistic 'Connect Wallet to Verify' prompt. CoinMarketCap has since removed the script and patched the vulnerability.
Just days later, Cointelegraph faced a similar attack where an ad-serving network was compromised, leading to a fake token airdrop popup. Users who interacted with it lost access to their funds.
Key points:
- Both incidents showcase vulnerabilities in trusted platforms.
- Wallet compromises produce significant losses despite lower incident counts.
- In Q1 2025, such attacks led to over $1.450M in losses.
- Users should be cautious about unexpected wallet connection requests.
Changpeng Zhao (CZ), Binance founder, warned users about authorizing wallet connects. Both platforms advised against clicking pop-ups and sharing personal information.
Investors are urged to remain vigilant and verify sources of information regarding airdrops or presales to avoid phishing scams.