Crypto Websites Hit By Sophisticated Front-End Attacks Pushing Fake Token Airdrops
Two of the industry’s most visited crypto platforms, Cointelegraph and CoinMarketCap, have fallen victim to back-to-back front-end attacks that exposed visitors to malicious wallet-draining scams.
The nearly identical incidents involved unauthorised code injection designed to mimic airdrop events, targeting unsuspecting users with fraudulent pop-ups and fake security claims.
Cointelegraph Users Tricked By Bogus CTG Token Giveaway
Cointelegraph confirmed that its website was compromised on 23 June, when attackers hijacked its banner publishing system to display a pop-up promoting a fake airdrop labelled “CoinTelegraph ICO Airdrops” and “CTG tokens.”
Visitors were promised nearly $5,500 worth of tokens in what was described as a “fair launch initiative” — complete with fabricated audit credentials from CertiK to appear legitimate.
The fraudulent prompt urged users to connect their crypto wallets to claim rewards.
Doing so handed control of their wallets to attackers, allowing them to siphon funds through smart contracts.
Cointelegraph responded hours later on X:
“Do not click on these pop-ups, connect your wallets, or enter any personal information.”
The company confirmed the malicious code was swiftly removed and that security protocols had been reinforced.
CoinMarketCap Breach Mirrors Same Exploit Method
Just two days earlier, CoinMarketCap dealt with a similar incident involving a corrupted homepage image.
A seemingly harmless “doodle” concealed malicious code that triggered a phishing pop-up when loaded.
The banner exploited a vulnerability in the platform’s API, again leading users to wallet connection requests designed to steal funds.
The platform stated its security team “immediately removed the problematic content” and confirmed it had “identified the root cause” while asserting that no deeper systems were affected.
Operations were restored shortly after.
Rise In Front-End Wallet Drainers Targeting Trusted Platforms
Security researchers say both attacks share the same infrastructure and code style, pointing to coordinated threat actors behind the scenes.
By compromising platforms already trusted by millions, attackers are bypassing typical red flags users might associate with unsolicited links or unknown websites.
This approach, which turns familiar crypto news or data sites into attack vectors, is part of a growing trend.
Victims are commonly baited into connecting their wallets to claim rewards, airdrops, or verifications, only to have their wallets drained instantly once access is granted.
Massive Credential Leak Could Be Fueling Attacks
The timing of these breaches has raised further alarm, as they come just days after cybersecurity firms uncovered a vast database containing over 16 billion stolen login credentials, affecting services like Google, Telegram, Facebook, and GitHub.
Experts believe this data was gathered via infostealer malware and previous breaches, potentially giving attackers the access needed to hijack the web systems of major crypto platforms.
TRM Labs reports that phishing and malware-based attacks made up 70% of the $2.2 billion lost to crypto hacks in 2024 alone, pointing to the scale of this persistent and evolving threat.
Are Crypto Platforms Equipped For What’s Coming Next?
As more attacks move from traditional phishing emails to front-end hijacks of trusted websites, the focus must shift from user vigilance to platform accountability.
It’s no longer just about “don’t click” — the ecosystem needs stronger code audits, proactive threat detection, and fast incident response.
Trust is a currency in crypto, and once lost, it’s hard to recover.