CoinMarketCap Hack: $100M Crypto Risk as Fake Wallet Prompt Removed
CoinMarketCap has removed a malicious pop-up that was appearing on their site and trying to trick users into verifying their wallets.

Quick overview
- On June 17, CoinMarketCap swiftly removed a malicious pop-up that attempted to trick users into verifying their wallets.
- The crypto community reacted strongly, with warnings issued by CoinMarketCap and alerts from wallet providers like MetaMask and Phantom.
- The attack involved manipulated JSON payloads that injected malicious JavaScript, raising concerns about security in the crypto space.
- Users are advised to verify prompts and website authenticity, as trust in CoinMarketCap has been compromised.
The incident occurred on June 17. CoinMarketCap took swift action, and the crypto community is in an uproar.
On X (formerly Twitter), CoinMarketCap warned users not to interact with the “Verify Wallet” pop-up. “Do NOT connect your wallet,” the alert said.
Within hours, the company followed up with another statement saying the malicious code had been removed. The security team is investigating how the breach happened and will provide more updates.
According to Coinspect, the attack relied on manipulated JSON payloads injected through CoinMarketCap’s “doodles” feature. These payloads could load malicious JavaScript into the site.
Security Breach Echoes Industry-Wide Concerns
This has raised more concerns in the crypto space, especially after a string of high-profile security incidents in the past few weeks. Most notably:
- Iranian exchange Nobitex was breached due to geopolitical tensions
- Coinbase was compromised
- In 2021 CoinMarketCap had 3.1 million email addresses leaked
No wallets have been confirmed to be drained from this attack, but the pop-up was a classic phishing attempt to get users to approve malicious smart contract actions.
Crypto security expert Jameson Lopp said these attempts are getting more sophisticated and harder to detect. Another user, “Auri,” shared screenshots of the fake prompt trying to get ERC-20 token approvals, an open door for hackers to drain wallets.
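As an added example (not code from CoinMarketCap, Coinspect or any wallet vendor), the check below decodes the calldata of a transaction that a page asks a wallet to sign and flags ERC-20 allowance grants of the kind the fake prompt requested. The trusted-spender allowlist, the risk labels and the sample calldata are constructed assumptions.

```javascript
// Allowance-granting selectors: first 4 bytes of keccak256(signature).
const ALLOWANCE_SELECTORS = new Map([
  ["095ea7b3", "approve(address,uint256)"],           // ERC-20 standard
  ["39509351", "increaseAllowance(address,uint256)"], // common OpenZeppelin extension
]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical allowlist of spender contracts the user already trusts (constructed).
const TRUSTED_SPENDERS = new Set(["0x" + "1".repeat(40)]);

// Classify the `data` field of a transaction that a page asks the wallet to sign.
function inspectApproval(data, trusted = TRUSTED_SPENDERS) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^([0-9a-f]{2})*$/.test(hex)) {
    return { kind: "invalid", risk: "block", reason: "calldata is not whole hex bytes" };
  }
  const kind = ALLOWANCE_SELECTORS.get(hex.slice(0, 8));
  if (!kind) return { kind: "other", risk: "none", reason: "not an allowance call" };

  const args = hex.slice(8);
  // Both ABI words (spender, amount) must be present; an address word is
  // left-padded with 12 zero bytes, so anything else is malformed.
  if (args.length < 128 || !args.startsWith("0".repeat(24))) {
    return { kind, risk: "block", reason: "truncated or malformed arguments" };
  }
  const spender = "0x" + args.slice(24, 64);
  const amount = BigInt("0x" + args.slice(64, 128));
  // Amounts in the top half of the uint256 range are effectively unlimited.
  const unlimited = amount > MAX_UINT256 / 2n;

  let risk, reason;
  if (amount === 0n) {
    [risk, reason] = ["none", "zero amount (revocation or no-op)"];
  } else if (trusted.has(spender)) {
    [risk, reason] = ["low", "spender is on the allowlist"];
  } else if (unlimited) {
    [risk, reason] = ["high", "unlimited allowance to an unknown spender"];
  } else {
    [risk, reason] = ["medium", "bounded allowance to an unknown spender"];
  }
  return { kind, spender, amount, unlimited, risk, reason };
}

// Constructed sample: approve(0x2222...2222, 2^256 - 1). The unlimited amount is
// an assumption; the page only says the prompt sought ERC-20 approvals.
const SAMPLE_CALLDATA = "0x095ea7b3" + "0".repeat(24) + "2".repeat(40) + "f".repeat(64);
console.log(inspectApproval(SAMPLE_CALLDATA).risk, inspectApproval(SAMPLE_CALLDATA).reason);
```

A wallet or browser extension would run a check like this before showing the signing dialog, so the user sees the spender address and amount rather than a generic "verify" label.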
Community and Wallet Providers Flag Threat
The breach was first detected by users and wallet providers. Both MetaMask and Phantom flagged CoinMarketCap as unsafe during the incident. Phantom’s internal systems even blocked access, while MetaMask issued a security warning.
Highlights from the Response:
- MetaMask flagged the domain as suspicious
- Phantom blocked access to CoinMarketCap
- Users across X warned: “DO NOT VERIFY WALLET”
This shows how important it is to verify prompts and website authenticity, even on trusted sites. Users should double-check URLs, avoid spontaneous wallet connections and use wallet apps with built-in phishing protection. CoinMarketCap is still up, but trust is broken. The incident highlights the tension between decentralized access and robust security infrastructure.
