🚨 CoinMarketCap Nukes Rogue Wallet Scam – Crypto Users Breathe Easier

CoinMarketCap just dropped the hammer on a brazen wallet-draining operation. The crypto data giant identified and eliminated a sophisticated scam targeting unsuspecting investors.

How the scam worked: Fraudsters created fake wallet interfaces mimicking legitimate services. Users who connected saw their funds vanish faster than a Bitcoin maximalist's patience during an altseason.

Why it matters: This takedown highlights the ongoing cat-and-mouse game between crypto platforms and bad actors. While exchanges beef up security, scammers keep finding new ways to exploit human error.

The silver lining: Quick action prevented what could've been another 'rug pull of the week' story. Still makes you wonder—when will these scams become sophisticated enough to start their own hedge funds?

Malicious Popup Hits Site

According to CoinMarketCap’s post on its official X account, the popup was not part of any planned update. Based on reports from users on social media, it asked visitors to connect their wallets and approve ERC‑20 token transactions. That kind of prompt can lead to wallet theft or unwanted transfers if people click through. CoinMarketCap warned everyone not to connect their wallets until the issue was fixed.

Update: We’ve identified and removed the malicious code from our site.

Our team is continuing to investigate and taking steps to strengthen our security.

— CoinMarketCap (@CoinMarketCap) June 21, 2025

Wallet Extensions Sound Alarm

MetaMask and Phantom, two popular browser‑based crypto wallets, flagged the page as unsafe almost immediately. A crypto user noted that Phantom’s extension showed a warning stating the site was “unsafe to use.” Those built‑in alerts likely saved many users from falling for the scam, since both wallets routinely check for suspicious code before letting you sign any requests.

Based on reports from crypto community members, the popup specifically asked for approvals that could give hackers control over tokens in affected wallets. Phishing scams like this thrive on tricking users into handing over private keys or signing away permissions. CoinMarketCap’s quick action stopped the popup, but it serves as a reminder that even top sites can be targets.

This isn’t the first time CoinMarketCap has faced a breach. Back in October 2021, hackers stole over 3 million email addresses from the site. Those emails later appeared on hacking forums and were flagged by Have I Been Pwned. Now, almost four years later, a new attack vector—injecting code rather than stealing data—shows how threats keep changing.

CoinMarketCap said its team is “continuing to investigate and taking steps to strengthen our security.” It did not share a full timeline for its audit, but noted that users should stay alert for any future alerts on X or other channels. Security experts say adding multi‑factor checks on code changes and regular scans for injected scripts can cut down on risks.

Experts recommend that users treat any unexpected “connect wallet” prompt with suspicion, even on trusted sites. Using hardware wallets or browser extensions that clearly list requested permissions can help you spot shady prompts. Keeping your browser and wallet software up to date is equally key. In the fast‑moving world of crypto, personal caution remains one of the best defenses.

Featured image from Bleeping Computer, chart from TradingView