Cointelegraph and CoinMarketCap front ends compromised with scam links over the weekend

Cointelegraph, one of the leading crypto media platforms, has confirmed a front-end security breach that exposed its users to a malicious pop-up urging them to connect their wallets.

The incident, which occurred on June 22, involved scammers promoting a fake Cointelegraph token (CTG) and a counterfeit initial coin offering (ICO) campaign.

Scam Sniffer, a blockchain security platform, first flagged the compromise, noting that the attackers aimed to deceive users into granting wallet access. Once connected, these wallets could be drained of assets.

Malicious Pop-Up on Cointelegraph (Source: Scam Sniffer)

Scam Sniffer traced the exploit to a JavaScript payload embedded via the site’s advertising infrastructure. The code appeared to come from a domain resembling AdButler, though it had been recently registered and linked to a malicious script hidden within a banner advertisement.

In a public statement, Cointelegraph acknowledged the issue and warned users not to interact with pop-ups promoting “CTG tokens” or “CoinTelegraph ICO airdrops.”

The platform emphasized that it is actively investigating and working to remove the malicious code. Users were advised not to enter personal details or connect wallets to any prompts on the site.

CoinMarketCap faced similar exploits

This incident follows a similar attack on CoinMarketCap just two days prior.

On June 20, the crypto data provider briefly experienced a front-end breach that resulted in a fake wallet prompt appearing on its homepage.

CoinMarketCap traced the vulnerability to a doodle image linked to unauthorized JavaScript, which briefly disrupted the site’s interface. It noted:

“Our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage.”

While the message on each site differed, both cases followed a near-identical delivery mechanism: a deceptive pop-up disguised as a platform feature. This may indicate a coordinated campaign targeting high-traffic crypto websites using ad-based JavaScript exploits.

Former Binance CEO Changpeng Zhao pointed out that 39 people were victims of the CoinMarketCap incident, and their combined loss was $18,570.

He added that the twin breaches highlight a growing trend of attackers exploiting trusted platforms to execute wallet-draining schemes.

He stated:

“Hackers are targeting information web sites now.”

As a result, he urged crypto users to remain cautious, avoid interacting with unknown dApps, and regularly monitor wallet activity to stay safe.

The post Cointelegraph and CoinMarketCap front ends compromised with scam links over the weekend appeared first on CryptoSlate.