Key Takeaways
- Cointelegraph and CoinMarketCap suffered front-end breaches delivering wallet-draining pop-ups via malicious JavaScript.
- The Cointelegraph attack was linked to a fake CTG token and involved compromised advertising infrastructure.
- At least 39 CoinMarketCap users lost $18,570, prompting warnings to avoid connecting wallets to suspicious prompts.
On June 22, Cointelegraph confirmed a front-end security breach that delivered a pop-up urging users to connect their wallets.
The malicious prompt promoted a fake Cointelegraph token (CTG) and a fraudulent initial coin offering (ICO).
Blockchain security firm Scam Sniffer identified the exploit, tracing it to a JavaScript payload embedded through the site’s advertising infrastructure and linked to a newly registered domain mimicking AdButler.
Cointelegraph issued a public statement warning users to avoid interacting with pop-ups advertising “CTG tokens” or “CoinTelegraph ICO airdrops.”
The company stated it is actively investigating and removing the malicious code, and advised users not to share personal details or connect wallets to any on-site prompts.
CoinMarketCap targeted days earlier
The attack mirrored a similar exploit on CoinMarketCap just two days prior, when a front-end vulnerability allowed a fake wallet connection prompt to appear on its homepage.
CoinMarketCap attributed the breach to a doodle image containing unauthorized JavaScript that triggered the malicious code.
“Our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage.”
Former Binance CEO Changpeng Zhao noted that 39 people lost a total of $18,570 due to the CoinMarketCap incident. He warned:
“Hackers are targeting information web sites now.”
These incidents highlight the risks of ad-based JavaScript exploits targeting high-traffic bitcoin and asset information platforms.
