The well-known cryptocurrency news source Cointelegraph has confirmed a security breach of the front-end that exposed its users to a scam on 22 June that could empty their digital wallets.
Users were tricked into linking their digital wallets via an attack that consisted of a fake 'Cointelegraph Token (CTG)' pop-up promoting a counterfeit Initial Coin Offering (ICO).
The incident was first detected by the blockchain security tool Scam Sniffer, which revealed how the attackers were attempting to gain illicit access to the wallets. Once connected, the wallets could be quickly emptied of funds.
Scam Sniffer stated on X:
"CoinTelegraph's front-end has been compromised. Please be cautious."
🚨 CoinTelegraph's frontend has been compromised. Please be cautious. pic.twitter.com/sH025Zek8p
- Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025
The attack was generated by a dangerous JavaScript payload delivered via the website's advertising system. The suspicious code appeared to originate from a domain similar to AdButler. However, the domain had recently been registered and was linked to a malicious script hidden within a banner ad.
Cointelegraph quickly intervened by warning users not to interact with any pop-ups advertising CTG tokens or claiming to be part of an ICO airdrop. The platform highlighted the problem in a public statement, stressing that an active investigation was underway and that steps were being taken to remove the malicious code.
Cointelegraph also advised users not to enter personal information or link wallets in response to any pop-ups or invitations that appeared on the site.
A Similar Attack Also Hits CoinMarketCap
Two days before this attack, a hack that was almost identical to CoinMarketCap. The front-end breach suffered by the crypto data aggregator on 20 June led to the appearance of a fake pop-up asking users to link their wallet on the homepage.
CoinMarketCap noted that the problem was caused by a 'doodle' image that contained illegal JavaScript code capable of temporarily altering the site's interface. Although the distribution methods were slightly different, both attacks used JavaScript-based exploits from misleading advertisements and pop-ups, suggesting a possible coordinated campaign targeting high-traffic crypto platforms.
"On 20 June 2025, our security team identified a vulnerability related to a doodle image displayed on our homepage. This image contained a link that activated malicious code via an API call, generating an unexpected pop-up for some users visiting our homepage," the CoinMarketCap officials explained.
On June 20, 2025, our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when they visited our homepage....
- CoinMarketCap (@CoinMarketCap) June 21, 2025
Changpeng Zhao, former CEO of Binance, commented on the attack on CoinMarketCap stating that 39 users were affected and lost a total of $18,570. Zhao warned that these incidents highlight a growing risk posed by fraudsters exploiting trusted crypto platforms.
"Avoid linking wallets to unknown dApps and check your wallet activity regularly to stay safe," Zhao advised users, urging them to remain vigilant.
2 days ago CMC, now CT. Hackers are targeting information web sites now. Be careful when authorising wallet connect.
- CZ 🔶 BNB (@cz_binance) June 23, 2025
For CMC, based on initial on-chain analysis, there are 39 victims with a combined loss of $18,570. @CoinMarketCap will cover all losses. https://t.co/egkekyjAYQ
Both platforms are working to strengthen ad-related security systems and prevent similar attacks in the future, while investigations continue.
