CoinMarketCap Phishing Attack: Wallet Popup Scare Hits Crypto Users
CoinMarketCap Faces Security Breach from Malicious Doodle Image Attack
Overview of the Incident
Hackers leveraged a vulnerability in CoinMarketCap’s front-end system to inject malicious scripts disguised as a benign doodle image. This attack resulted in the emergence of deceptive wallet verification pop-ups across the platform.
Details of the Breach
CoinMarketCap has confirmed that the breach occurred through its backend API, which was exploited to send a modified JSON payload. This payload included JavaScript code embedded directly into the homepage, as reported by the blockchain security firm Coinspect Security.
The Attack Unveiled
On June 20, 2025, the incident was identified by CoinMarketCap’s security team, highlighting a flaw related to a harmless doodle displayed on their site. The doodle contained a link that executed the harmful code via an API call, causing unwanted pop-ups urging users to “Verify Wallet” when they accessed the homepage.
Understanding the Threat
The fraudulent pop-up aimed at tricking visitors into disclosing sensitive information related to their cryptocurrency wallets, representing a clear phishing attempt. Coinspect traced the source of the attack to the platform’s interactive “doodles” feature, which enabled attackers to incorporate malicious code without interfering with the website’s primary framework.
Rapid Response and Remediation
CoinMarketCap’s team quickly acted to remove the malicious content shortly after the pop-up was detected, ensuring that the threat was neutralized. In a statement, CoinMarketCap noted, “We responded promptly to eliminate the unsafe content, and extensive measures are now in place to address and prevent any future issues.”
User Impact and Company Statement
While CoinMarketCap has yet to disclose the number of users affected by this incident or confirm if any wallets have been compromised, the security breach highlights the importance of enhanced safety protocols in managing online threats. The company continues to prioritize user security in its ongoing efforts to mitigate risks associated with cyberattacks.
