21 June 2025
CoinMarketCap Confirms Phishing Attack via Wallet Verification Pop-Up
Hackers exploited a vulnerability in CoinMarketCap's front-end system, using a doodle image to inject malicious code. This led to fake wallet verification pop-ups across the site.
Key points:
- The breach utilized CoinMarketCap's backend API to deliver a manipulated JSON payload that embedded JavaScript into the homepage.
- The script prompted users to “Verify Wallet,” a phishing tactic aimed at stealing crypto access.
- The attack was traced to the platform’s rotating “doodles” feature, which allowed code to be embedded without altering core infrastructure.
- The pop-up was active briefly before being removed by CoinMarketCap.
- CoinMarketCap confirmed that it took immediate action and implemented measures to mitigate the issue.
- No details on user encounters or potential wallet compromises have been disclosed.
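The path described above, an API-delivered JSON record for a decorative image ending up as script on the homepage, is closed by treating that record strictly as data. The following is an added example, not CoinMarketCap's code: the field names (`imageUrl`, `altText`, `linkUrl`) and the asset host are hypothetical, and the sample payloads are constructed.

```javascript
// Added example: strict validation of a "doodle" record before rendering.
// Field names and the allowlisted host are hypothetical, not from the incident.
const ALLOWED_KEYS = new Set(["imageUrl", "altText", "linkUrl"]);
const ALLOWED_HOSTS = new Set(["static.example.com"]); // assumed asset host
const IMAGE_EXT = /\.(png|jpe?g|gif|webp)$/i; // raster only; SVG can carry script

function checkUrl(value, requireImage) {
  let url;
  try { url = new URL(value); } catch { return "not an absolute URL"; }
  if (url.protocol !== "https:") return `scheme ${url.protocol} not allowed`;
  if (!ALLOWED_HOSTS.has(url.hostname)) return `host ${url.hostname} not allowlisted`;
  if (requireImage && !IMAGE_EXT.test(url.pathname)) return "not a raster image path";
  return null;
}

function validateDoodle(raw) {
  const reasons = [];
  let doc;
  try { doc = JSON.parse(raw); } catch { return { ok: false, reasons: ["invalid JSON"] }; }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return { ok: false, reasons: ["payload is not an object"] };
  }
  // Reject anything outside the schema: nested objects, animation data, code fields.
  for (const key of Object.keys(doc)) {
    if (!ALLOWED_KEYS.has(key)) reasons.push(`unexpected key: ${key}`);
    else if (typeof doc[key] !== "string") reasons.push(`${key} is not a string`);
  }
  if (typeof doc.imageUrl === "string") {
    const err = checkUrl(doc.imageUrl, true);
    if (err) reasons.push(`imageUrl: ${err}`);
  } else if (!("imageUrl" in doc)) reasons.push("imageUrl missing");
  if (typeof doc.linkUrl === "string") {
    const err = checkUrl(doc.linkUrl, false);
    if (err) reasons.push(`linkUrl: ${err}`);
  }
  // altText is meant to be set via textContent, so markup in it stays inert.
  if (typeof doc.altText === "string" && doc.altText.length > 200) reasons.push("altText too long");
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample payloads (not taken from the incident).
const good = '{"imageUrl":"https://static.example.com/doodles/summer.png","altText":"Summer"}';
const bad = '{"imageUrl":"https://static.example.com/doodles/x.png","animation":{"code":"..."},"linkUrl":"javascript:void(0)"}';
console.log(validateDoodle(good), validateDoodle(bad));
```

A record that passes should still be rendered with DOM APIs (`img.src`, `textContent`) rather than string-built HTML, with a Content-Security-Policy that disallows inline script as a second layer.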