And get this, the hackers got clever by making this script chat with shady domains to nab wallet credentials or private keys. Really not cool.
- So, on June 20, 2025, when folks went to the CMC homepage, guess what they saw? Yep, you guessed it
- a pop-up telling them they had to connect their wallets to keep their CMC accounts. Sneaky, right?
Then they said that 76 unlucky visitors fell for the scam and ended up losing a total of $21,624.47. Ouch. But hey, CMC promised to pay them back. At least they’re trying to fix their mistake, right?
Better keep an eye out for any breaking news about breaches, vulnerabilities, and cybersecurity threats. You never know when these hackers might strike again. Stay safe out there!
According to the folks at Blockaid, a company into Web3 on-chain security stuff, this dodgy pop-up started showing up on June 20, at around 9 p.m. UTC/GMT. And get this, CMC confirmed the compromise on Saturday, saying that the whole thing happened because of a “vulnerability” linked to a third-party “doodle” image on the homepage. Crazy, huh?
These attacks seem to be linked to Inferno Drainer customers, a shady “Drainer-as-a-Service” gang that’s caused loads of trouble in the past. But hey, both sites have sorted things out and beefed up their security. Let’s hope they can keep the bad guys out from now on.
But wait, there’s more. The whole thing with CoinTelegraph is just as nuts. These hackers got into their banner system on June 21 and started flashing a dodgy ad for a fake token airdrop. Who comes up with this stuff, seriously?
Now, for those who don’t know, CoinMarketCap (or CMC for short) is like the go-to website for all things crypto. It’s where you can track cryptocurrency prices, market caps, and trading volumes.
Now, this company called c/side said that the hackers messed with the doodle image’s API request and stuffed it with a bunch of hidden JavaScript code. Sounds like a proper mess, doesn’t it? Anyway, this dodgy script was all about trying to steal wallet info when users clicked on “Connect Wallet.” Nasty business, right?
So, over the weekend, both the CoinMarketCap and CoinTelegraph websites got hacked. Can you believe it? Those sneaky hackers put up some phishing pop-ups asking visitors to sort of… verify or connect their crypto wallets. Like, seriously?
