One of the largest crypto news companies, Cointelegraph, encountered a security exploit today, with its front-end taken over by attackers to promote fake ICO airdrops. A number of users claimed that the website’s homepage displayed fraudulent pop-ups promoting fake “CoinTelegraph ICO Airdrops” and “CTG tokens.”
Confirming the front-end attack, Cointelegraph’s X handle urged users not to click on any pop-ups, connect wallets, or share personal information, as the platform works to resolve the breach.
At the time of publishing, Cointelegraph’s official domain was showing a warning ahead of visiting the homepage for those who have installed the MetaMask wallet. This critical message shows that opening the website might risk users’s secret recovery phrases or passwords, or it might urge them to sign malicious transactions resulting in stealing assets.
The phishing scam mirrors a recent attack on CoinMarketCap , where users lost significant funds after connecting their wallets to malicious sites. While hackers followed the same pattern and exploited a front-end vulnerability in CoinMarketCap’s homepage, it’s likely that the hacker entity is the same in both cases.
Moreover, the timing of this breach also coincides with a massive data leak reported by Cybernews on June 21, where over 16 billion login credentials were exposed. Cybersecurity experts suggest this could be linked to infostealer malware, amplifying the risk for crypto users.
