CoinMarketCap’s front end was briefly compromised on June 20, with visitors encountering unauthorized pop-up messages asking them to connect their crypto wallets.
Author: Sahil Thakur
Written On: Sat, 21 Jun 2025 06:30:12 GMT
The incident was quickly flagged by members of the crypto community and confirmed by the CoinMarketCap team.
The platform urged users not to interact with any wallet connection prompts while the investigation was underway.
Blockchain security firm Coinspect Security traced the root of the issue to a vulnerability in CoinMarketCap’s rotating homepage doodle feature. The backend API delivered manipulated JSON payloads that injected malicious JavaScript, causing pop-ups to appear and simulate wallet-verification requests.
Some users were also shown fake “exclusive airdrop” offers prompting them to connect wallets, a classic phishing vector used to drain crypto assets.
The malicious pop-up appeared briefly, lasting just around five minutes. By the time most users refreshed the site, the issue had been resolved and the homepage returned to normal.
CoinMarketCap published a detailed update, confirming the breach and outlining mitigation efforts. According to the team:
“On June 20, 2025, our security team identified a vulnerability related to a doodle image on our homepage. This image triggered malicious code through an API call, resulting in unexpected pop-ups.”
They added that once identified, the exploit was isolated and patched. CoinMarketCap stated that all systems are now fully operational and safe to use.
“We acted immediately to remove the problematic content, identified the root cause, and implemented comprehensive mitigation measures.”
Support teams are actively monitoring feedback and assisting users who may have been affected.
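The root cause described above is a homepage feature that trusted JSON returned by a backend API. As an added example (not CoinMarketCap's or Coinspect's code), the validator below treats a doodle payload as untrusted data and accepts only allowlisted fields, HTTPS URLs on allowlisted hosts and raster image paths; the field names, hosts and limits are assumptions made for illustration.

```javascript
// Added example: field names, hosts and limits are assumptions, not CoinMarketCap's schema.
const ALLOWED_KEYS = new Set(["id", "title", "imageUrl", "linkUrl"]);
const ALLOWED_HOSTS = new Set(["static.example.com", "www.example.com"]);
const IMAGE_EXT = /\.(png|jpe?g|webp|gif)$/i; // raster only: SVG/JSON animations can carry script

function checkUrl(value, field, errors, requireImage) {
  let url;
  try {
    url = new URL(value);
  } catch {
    errors.push(`${field}: not an absolute URL`);
    return;
  }
  if (url.protocol !== "https:") errors.push(`${field}: scheme ${url.protocol} not allowed`);
  if (!ALLOWED_HOSTS.has(url.hostname)) errors.push(`${field}: host ${url.hostname} not allowlisted`);
  if (requireImage && !IMAGE_EXT.test(url.pathname)) errors.push(`${field}: not a raster image path`);
}

function validateDoodle(rawJson) {
  const errors = [];
  let doc;
  try {
    doc = JSON.parse(rawJson);
  } catch {
    return { ok: false, errors: ["payload is not valid JSON"] };
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return { ok: false, errors: ["payload must be a JSON object"] };
  }
  // Reject anything outside the expected shape instead of ignoring it.
  for (const key of Object.keys(doc)) {
    if (!ALLOWED_KEYS.has(key)) errors.push(`${key}: unexpected field`);
    else if (typeof doc[key] !== "string") errors.push(`${key}: must be a string`);
  }
  if (typeof doc.title === "string" && (doc.title.length > 80 || /[<>]/.test(doc.title))) {
    errors.push("title: markup or excessive length");
  }
  if (typeof doc.imageUrl === "string") checkUrl(doc.imageUrl, "imageUrl", errors, true);
  else errors.push("imageUrl: required");
  if (typeof doc.linkUrl === "string") checkUrl(doc.linkUrl, "linkUrl", errors, false);
  return { ok: errors.length === 0, errors };
}

// Constructed sample payloads
const GOOD = '{"id":"d1","title":"Summer doodle","imageUrl":"https://static.example.com/doodles/sun.png"}';
const BAD = '{"id":"d2","title":"Doodle","imageUrl":"https://cdn.invalid/anim.json","onLoad":"loadScript()"}';
console.log(validateDoodle(GOOD), validateDoodle(BAD));
```

Values that pass should be rendered with DOM property setters such as `img.src` and `textContent`, never concatenated into HTML.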
The incident comes on the heels of a record-setting global password breach, with 16 billion compromised credentials exposed across dozens of datasets. That breach included login information for platforms like Facebook, Google, Apple, GitHub, and Telegram.
Given the scale of recent attacks, security experts are urging users to take precautions:
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.