BREAKING: Cointelegraph and CoinMarketCap Front Ends Hijacked—Scam Links Spread Over Weekend
Crypto's biggest data and news platforms got a nasty surprise this weekend—malicious actors compromised their front ends, pushing scam links to unsuspecting visitors.
How did it happen? Attackers bypassed security measures to inject fraudulent redirects, turning trusted crypto resources into phishing traps. No exact figures on losses yet, but the timing—peak weekend trading—suggests maximum damage.
Security theater strikes again. While exchanges brag about 'military-grade' protections, basic web vulnerabilities still plague the industry. Maybe next hack they'll offer a commemorative NFT.
Malicious Pop-Up on Cointelegraph (Source: Scam Sniffer)
Scam Sniffer traced the exploit to a JavaScript payload embedded via the site’s advertising infrastructure. The code appeared to come from a domain resembling AdButler, though it had been recently registered and linked to a malicious script hidden within a banner advertisement.
In a public statement, Cointelegraph acknowledged the issue and warned users not to interact with pop-ups promoting “CTG tokens” or “CoinTelegraph ICO airdrops.”
The platform emphasized that it is actively investigating and working to remove the malicious code. Users were advised not to enter personal details or connect wallets to any prompts on the site.
CoinMarketCap faced similar exploits
This incident follows a similar attack on CoinMarketCap just two days prior.
On June 20, the crypto data provider briefly experienced a front-end breach that resulted in a fake wallet prompt appearing on its homepage.
CoinMarketCap traced the vulnerability to a doodle image linked to unauthorized JavaScript, which briefly disrupted the site’s interface. It noted:
“Our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a LINK that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage.”
While the message on each site differed, both cases followed a near-identical delivery mechanism: a deceptive pop-up disguised as a platform feature. This may indicate a coordinated campaign targeting high-traffic crypto websites using ad-based JavaScript exploits.
Security experts pointed out that the twin breaches highlight a growing trend of attackers exploiting trusted platforms to execute wallet-draining schemes. As a result, they urged crypto users to remain cautious, avoid interacting with unknown dApps, and regularly monitor wallet activity to stay safe.
