On June 20, 2025, CoinMarketCap, a leading cryptocurrency data platform, faced a serious security breach. Hackers exploited a vulnerability in the site’s front end, leading to fake “Verify Wallet” popups designed to steal users’ cryptocurrency funds.
How the Attack Happened
The attackers targeted CoinMarketCap’s “doodles” feature—a rotating image display on the homepage. By manipulating the backend API that controls this feature, they injected malicious JavaScript code into the front end. This code triggered fake pop-ups asking users to “Verify Wallet.”
When users saw these pop-ups, they were prompted to connect their crypto wallets and approve certain token transactions. These requests were phishing attempts aimed at gaining unauthorized access to users’ wallets and draining their funds.
Quick Detection and Response
CoinMarketCap detected the attack and removed the malicious code within about three hours. The company issued warnings advising users not to connect their wallets or interact with any suspicious pop-ups.
Popular crypto wallet extensions like MetaMask and Phantom also stepped in. They flagged the CoinMarketCap site as unsafe and blocked suspicious activity, protecting many users from falling victim to the scam.
Impact and Concerns
While CoinMarketCap has not confirmed any specific cases of stolen funds, the attack exposed a serious risk for millions of users who visit the platform daily.
This breach highlights ongoing security challenges in the crypto world. Even trusted platforms can be vulnerable to attacks that exploit seemingly minor features, like image displays.
What Users Can Do to Stay Safe
- Avoid connecting wallets to unsolicited pop-ups. Always be cautious when prompted to verify or connect your wallet unexpectedly.
- Use hardware wallets. These provide an extra layer of security by keeping private keys offline.
- Enable two-factor authentication (2FA). This adds protection to your accounts and wallets.
- Verify URLs and prompts carefully. Phishing attempts often use fake pop-ups or websites that look legitimate.
Summary Table
| Aspect | Details |
| Attack Vector | Malicious JavaScript injected via “doodles” feature on front end |
| Malicious Action | Fake “Verify Wallet” pop-ups to steal wallet access and approve token transactions |
| Detection and Removal | Malicious code removed within ~3 hours |
| User Warnings | CoinMarketCap and wallet providers warned users; site flagged as unsafe |
| Impact | No confirmed fund losses disclosed; phishing risk raised |
| Ongoing Measures | Investigation and security improvements underway |
Key Takeaways
- CoinMarketCap’s front end was compromised through a backend API vulnerability.
- Fake wallet verification pop-ups aimed to steal crypto funds.
- Quick action by CoinMarketCap and wallet providers helped limit damage.
- Users must stay vigilant against unsolicited wallet connection requests.
- Security risks remain high in the crypto ecosystem, even on major platforms.
FAQs
Q: How did hackers inject malicious code?
- They exploited a backend API linked to the doodles feature, injecting JavaScript into the front end.
Q: What was the goal of the fake pop-ups?
- To trick users into connecting wallets and approving token transactions, enabling theft.
Q: Were any funds stolen?
- No confirmed cases have been disclosed yet.
Q: How did wallet extensions respond?
- MetaMask and Phantom flagged the site as unsafe and blocked suspicious activity.
Q: How can users protect themselves?
- Avoid unsolicited wallet connections, use hardware wallets, enable 2FA, and verify all prompts carefully.
This event is a reminder that even trusted crypto platforms can be vulnerable. Staying alert and cautious remains the best defense against such attacks.
Are you ready to protect your crypto assets?
