- Cointelegraph and CoinMarketCap were both targeted by hackers this weekend using sophisticated phishing exploits
- The hackers deployed fraudulent pop‑ups and wallet‑draining scripts via compromised front‑end code
- The incident shows a change in tactics from scammers
Cointelegraph and CoinMarketCap experienced cyberattacks this weekend that attempted to drain visitors’ funds, in a sign that hackers are changing their tactics. CoinTelegraph’s front-end was infiltrated by malicious scripts that injected fake token airdrop pop‑ups, urging readers to connect their crypto wallets, while CoinMarketCap’s homepage was also manipulated, with visitors asked to enter their crypto wallet details to access the site. These shifting tactics show that no public-facing crypto site is safe, with hackers using the popularity of these sites to push their scams.
A Spot of Front-End Phishing
On Sunday night, Cointelegraph confirmed that its website had been compromised via a front‑end exploit, with scammers planting pop‑ups promoting a fictional “CTG” token airdrop and encouraging visitors to connect their wallets. The malicious code originated from a compromised ad script—not the core site—which triggered wallet‑draining approvals once users clicked through. Security firm Scam Sniffer flagged the injected code and warned users, which was picked up by Cointelegraph:
🚨 ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site.
DO NOT:
– Click on these pop-ups
– Connect your wallets
– Enter any personal informationWe are actively working on a fix.
— Cointelegraph (@Cointelegraph) June 23, 2025
The site did not provide an update, but the ads are no longer appearing, so the situation seems to have been resolved.
For its part, CoinMarketCap was hit by a supply‑chain exploit that resulted in similar wallet‑draining pop‑ups. Changpeng Zhao, whose former company Binance bought CoinMarketCap in 2020, revealed the losses, confirming that the website will cover the losses suffered:
2 days ago CMC, now CT. Hackers are targeting information web sites now. Be careful when authorizing wallet connect.
For CMC, based on initial on-chain analysis, there are 39 victims with a combined loss of $18,570. @CoinMarketCap will cover all losses.
— CZ 🔶 BNB (@cz_binance) June 23, 2025
The worrying thing is that these aren’t standard phishing emails; they are malicious scripts embedded in trusted sites, exploiting ad systems and front‑end components to trick users into connecting their crypto‑wallets.
Platforms and Users Must Step Up Their Game
Both of these incidents highlight the importance of constant vigilance and robust security practices on the part of users and the platforms themselves. Platforms must audit third‑party integrations, especially advertising scripts and email providers, and implement sandboxing and continuous code monitoring, while users, for their part, should never connect wallets during unsolicted pop‑ups or click unverified emails.
Enabling multi‑factor authentication, scrutinizing digital messaging for anomalies, and staying updated with official security notices are essential habits in this era of human‑centric cybercrime.
Cybersecurity experts have noted a shift in hacker strategy: rather than exploiting blockchain code directly, attackers are targeting human behaviour, with phishing and social engineering now accounting for the bulk of crypto-related thefts. Indeed, phishing contributed to over $1 billion in industry losses across 296 attacks in 2024 alone. Front‑end scripts and email breaches represent this evolving threat landscape, illustrating how trusted outlets can be weaponized to compromise users.
