CoinMarketCap was hacked via a malicious script injected through a compromised "doodle" image API, leading to a fake Web3 popup that drained wallets. This matters because it demonstrates how trusted elements of a platform can be exploited.
Cointelegraph experienced a front-end exploit that displayed a fraudulent banner offering fake "CoinTelegraph ICO Airdrops" and "CTG tokens," tricking users into connecting their wallets. This shows how attackers are using social engineering to bypass user skepticism.
Both attacks involved the use of wallet drainers, which have stolen almost $500 million in 2024. This highlights the growing threat of wallet drainers in the crypto space.
The attacks mirror each other, indicating a coordinated effort or a shared technique among threat actors targeting the cryptocurrency industry. This suggests that other platforms could be at risk.
CoinMarketCap, a popular cryptocurrency price tracking website, suffered a supply chain attack on June 20, 2025. Threat actors exploited a vulnerability in the site's homepage "doodle" image to inject malicious JavaScript. This script displayed a fake wallet connect popup, mimicking a legitimate Web3 transaction request but instead draining cryptocurrency from connected wallets.
Cointelegraph, a crypto news outlet, was compromised by a front-end exploit on June 23, 2025. Attackers injected a malicious pop-up that falsely claimed to offer “CoinTelegraph ICO Airdrops” and “CTG tokens.” The fraudulent banner urged users to connect their crypto wallets in exchange for nearly $5,500 worth of tokens.
These attacks highlight the increasing prevalence of wallet drainers. In 2024, wallet drainers stole almost $500 million through attacks targeting more than 300,000 wallet addresses. Users should be extremely cautious when connecting their wallets to websites or interacting with unsolicited offers.
Q: What is a wallet drainer?
A wallet drainer is a type of malicious script that steals cryptocurrency from a user's wallet when they connect it to a compromised website or interact with a malicious transaction request.
Q: How can I protect myself from wallet drainer attacks?
Be cautious when connecting your wallet to websites, especially if they are unfamiliar or offer unsolicited rewards. Verify the legitimacy of any transaction requests before approving them. Use hardware wallets for added security. Keep your browser extensions updated, and consider using security tools that detect wallet drainers.
Always be skeptical of offers that seem too good to be true, especially those involving cryptocurrency.
Verify the legitimacy of websites and applications before connecting your crypto wallet.
Use a hardware wallet for an extra layer of security.
Keep your software and browser extensions up to date.
Report any suspicious activity to the platform in question.
Do you think these types of attacks will continue to increase? What measures do you take to protect your crypto wallets? Share this article with others who need to stay ahead of this trend!
A recent ransomware attack on Instructure's Canvas platform, used by numerous universities, has raised concerns about the security of person...
A fake Windows 11 update website is distributing malware disguised as a legitimate update, targeting users seeking early access to new featu...
A recent cyberattack on CareCloud, a health tech provider, has raised concerns about patient data security. This incident, along with other ...
The infamous and controversial internet message board 4chan is reportedly facing a significant security breach. Following site outages, clai...
⚠ Disclaimer: Yanuki provides article summaries and links for reference only. Yanuki does not endorse, verify, or guarantee the accuracy of third-party sources. Please review original sources and verify information independently. Managed by the Yanuki Data Engine. Full Disclaimer