In brief
- Cointelegraph has confirmed a front-end hack used to serve phishing pop-ups to people accessing the site.
- CoinMarketCap suffered a similar exploit days earlier.
- Victims are being tricked into connecting their wallets to receive fake token airdrops.
Crypto news outlet Cointelegraph has confirmed that its website was compromised in a front-end exploit used to promote a fraudulent token airdrop and steal from users.
It said in a statement on X on Sunday night that they were aware of the “fraudulent pop-up” and were “actively working on a fix”.
“Do not click on these pop-ups, connect your wallets [or] enter any personal information,” it warned.
Decrypt has approached Cointelegraph for comment.
The pop-up falsely claims users have been selected for a giveaway of a new token, purportedly part of a “fair launch initiative” by Cointelegraph to reward loyal readers.
It displayed a fabricated token price and promised users just under $5,500 worth of tokens if they connected their crypto wallets. It also claimed security firm CertiK had audited the smart contract.
The method used mirrors a similar front-end attack on the price aggregator CoinMarketCap, which occurred just two days prior.
In that case, visitors to the site saw pop-ups requesting wallet connections for verification purposes. CoinMarketCap later confirmed malicious code had been injected into the site and it was removed.
Both incidents represent a growing wave of phishing attacks targeting crypto platforms via compromised user interfaces.
In these scams, victims are lured into connecting wallets under false pretenses—such as receiving tokens or confirming identity—and then see their accounts drained by the attacker.
According to blockchain intelligence firm TRM Labs, phishing schemes and malware-based infrastructure attacks made up 70% of the $2.2 billion stolen in crypto-related hacks in 2024.
The Cointelegraph attack comes just days after security researchers disclosed a massive data dump containing over 16 billion stolen login credentials, including access to accounts on platforms like Google, Telegram, Facebook, and GitHub.
The trove was likely assembled from infostealer malware, credential stuffing, and prior leaks.
Edited by Sebastian Sinclair
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
