Loading Search...
CoinMarketCap’s front end was briefly compromised on June 20, with visitors encountering unauthorized pop-up messages asking them to connect their crypto wallets.
Author: Sahil Thakur
CoinMarketCap’s front end was briefly compromised on June 20, with visitors encountering unauthorized pop-up messages asking them to connect their crypto wallets. The incident was quickly flagged by members of the crypto community and confirmed by the CoinMarketCap team.
The platform urged users not to interact with any wallet connection prompts while the investigation was underway.
Blockchain security firm Coinspect Security traced the root of the issue to a vulnerability in CoinMarketCap’s rotating homepage doodle feature. The backend API delivered manipulated JSON payloads that injected malicious JavaScript, causing pop-ups to appear and simulate wallet-verification requests.
Some users were also shown fake “exclusive airdrop” offers prompting them to connect wallets, a classic phishing vector used to drain crypto assets.
The malicious pop-up appeared briefly, lasting just around five minutes. By the time most users refreshed the site, the issue had been resolved and the homepage returned to normal.
CoinMarketCap published a detailed update, confirming the breach and outlining mitigation efforts. According to the team:
On June 20, 2025, our security team identified a vulnerability related to a doodle image on our homepage. This image triggered malicious code through an API call, resulting in unexpected pop-ups.”
They added that once identified, the exploit was isolated and patched. CoinMarketCap stated that all systems are now fully operational and safe to use.
“We acted immediately to remove the problematic content, identified the root cause, and implemented comprehensive mitigation measures.”
Support teams are actively monitoring feedback and assisting users who may have been affected.
The incident comes on the heels of a record-setting global password breach, with 16 billion compromised credentials exposed across dozens of datasets. That breach included login information for platforms like Facebook, Google, Apple, GitHub, and Telegram.
Given the scale of recent attacks, security experts are urging users to take precautions:
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Trove Markets Alleged Mastermind Doxxed After $11.5M ICO Scam
ZachXBT Links $40M Crypto Theft to CMDSS Contractor’s Son
TRU Token Crashes 99% Amid Truebit Exploit
Chen Zhi Extradited to China Over $14B Crypto Scam
Trove Markets Alleged Mastermind Doxxed After $11.5M ICO Scam
ZachXBT Links $40M Crypto Theft to CMDSS Contractor’s Son
TRU Token Crashes 99% Amid Truebit Exploit
Chen Zhi Extradited to China Over $14B Crypto Scam
