Hackers breach Cointelegraph, Coinmarketcap with new wallet connection scam

Crypto news outlet Cointelegraph revealed on Sunday that its website was compromised in a front-end exploit tricking visitors into connecting their crypto wallets and claiming a fraudulent token airdrop.

In a statement posted on social platform X, Cointelegraph said it was “aware of the fraudulent pop-up” affecting its site and was “actively working on a fix.” The publication requested users not to “interact with any prompts asking for wallet access or personal information.” 

Crypto news website targeted, hackers use CMC tactics

The fake pop-up claimed that users had been randomly selected for a new token giveaway as part of a “fair launch initiative” supposedly backed by Cointelegraph to reward loyal readers. 

Per several reports on social media, a malicious JS script was likely added to CT’s advertising system to display a fabricated token price, and promised each participant nearly $5,500 worth of tokens if they connected their wallet to the site. 

🚨 The malicious JS code appears to come from Cointelegraph’s advertising system.

Related files:
https://adbutlerserve[.]com/assets/inject.js
https://adbutlerserve[.]com/assets/90435885-4428-4fc3-ade0-378d793ea392.js pic.twitter.com/QbH7kaDBLx

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025

The pop-up also falsely alluded that blockchain security firm CertiK had audited the smart contract behind the token.

As reported by Cryptopolitan, a similar incident was seen on CoinMarketCap just two days earlier, where visitors were exposed to fake wallet connection requests under the guise of “verification.” 

CoinMarketCap reported the breach on X, confirming that malicious JavaScript code had been injected into its front-end interface. The code has since been removed.

Zhao warns the crypto community to watch out for wallet connect requests

In an X post on Monday, former Binance CEO Changpeng Zhao told crypto investors to be extra careful when asked to connect their wallets to any websites. 

“2 days ago CMC, now CT. Hackers are targeting information websites now. Be careful when authorizing wallet connect,” Zhao said.

He added that on-chain analysis of the CoinMarketCap breach revealed 39 victims had collectively lost approximately $18,570. According to Zhao, CoinMarketCap will reimburse all affected users.

In both the CoinMarketCap and Cointelegraph attacks, the hackers used similar social engineering tactics. Users were led to believe they were receiving free tokens or were required to confirm their identity, only to have their crypto assets drained moments after granting wallet access.

In June alone, there have been at least five incidents of phishing and front-end exploits targeting the funds of crypto and traditional finance. Blockchain intelligence firm TRM Labs recently reported that phishing schemes and malware-based attacks accounted for a staggering 70% of the $2.2 billion lost to crypto-related hacks in 2024. In May, crypto investors lost over $240 million through the same exploits.

The Cointelegraph attack comes against the backdrop of the disclosure by researchers of a massive data dump containing over 16 billion stolen login credentials. The compromised data reportedly includes access to “day-to-day” popular platforms such as Google, Telegram, Facebook, and GitHub.

In other related news, blockchain security firm Hacken confirmed that a private key leak allowed a bad actor to mint and dump $250,000 worth of the firm’s native token, Hacken Token (HAI), causing its value to crash by approximately 99% over the weekend.

According to Hacken’s security team, the breach involved an account with a minting role on both the Ethereum and BNB Chain networks. The attacker generated large amounts of HAI and immediately sold them on decentralized exchanges, tanking the token’s price from $0.015 to just $0.000056.