Cointelegraph Frontend Hacked After CoinMarketCap

Cointelegraph’s website was compromised on June 23, 2025, in a front-end breach that exposed users to pop-ups delivering phishing prompts. The injected JavaScript, labeled “inject.js,” appeared designed to steal crypto wallet credentials through deceptive transaction requests.

Security firm Blockaid and several users on X flagged the issue early. No losses have been confirmed, but the nature of the pop-up strongly suggests attempts at wallet draining.

As of this writing, Cointelegraph has not released an official statement. The site has returned to normal, but the lack of transparency has drawn criticism, especially when compared to the prompt response from CoinMarketCap just days earlier.

Src: Scam Sniffer | Web3 Anti-Scam

CoinMarketCap Breached Three Days Prior

On June 20, 2025, CoinMarketCap suffered a similar front-end exploit. A malicious pop-up prompted users to verify wallets, a common phishing tactic. The vector was traced to a doodle image linked via a backend API, which served modified JSON payloads embedding JavaScript.

CoinMarketCap acted swiftly, removing the exploit and posting a public warning. Wallet providers like MetaMask and Phantom marked the site as unsafe, while users were urged to revoke token approvals and avoid interaction.

No confirmed losses were reported. The code injection is believed to have originated from a compromised third-party vendor, possibly an ad network.

Shared Patterns and Security Gaps

Both hacks used malicious JavaScript to compromise the front end, exploiting trust in major platforms. Each prompted users to connect wallets or approve transactions under false pretenses. While no major funds have been confirmed stolen, the potential risk to user assets was substantial.

The key difference lies in response: CoinMarketCap issued a formal acknowledgment and root cause breakdown, while Cointelegraph’s silence has fueled speculation and concern.

Trend of Front-End Attacks Escalates

These incidents reflect a larger industry trend. In recent years, platforms like Balancer, Galxe, and Ledger have also experienced front-end or supply chain attacks. The CoinMarketCap breach, linked to third-party content delivery, mirrors Ledger’s 2023 ConnectKit compromise, which exposed users to similar wallet-draining prompts.

Security analysts warn that platforms relying on external APIs or ad scripts are increasingly vulnerable. Front-end compromises now rival backend hacks in threat severity due to their direct access to user interaction.

Best Practices for Users

• Avoid interacting with unsolicited pop-ups
• Use hardware or non-custodial wallets
• Revoke token approvals after suspicious prompts
• Double-check URLs and always use verified links
• Enable multifactor authentication for exchange accounts

With growing complexity in crypto infrastructure, user-facing security is now a top priority. Both CoinMarketCap and Cointelegraph serve as cautionary examples of how even established platforms can become vectors for phishing. As regulation and user awareness increase, crypto platforms must invest in deeper security audits and real-time monitoring to prevent similar incidents.

Some potential attacks to be aware of:

Attack Type	Vector	Risk
Client-side phishing	Compromised JSON/UI scripts	Fake pop-ups hijack wallet connections
JS injection	Frontend supply chain / buckets	Multisig code altered silently
DNS hijack	Domain redirection	Redirect to malicious UI prompting wallet approval
Clipboard hijacking	Malicious scripts	Wallet addresses swapped on paste
Address poisoning	Malware + clipboard DB	Visually similar addresses fool users