Phishing Frenzy: CoinMarketCap, CoinTelegraph, and the Crypto Credibility Crisis

Crypto giants CoinMarketCap and CoinTelegraph were recently hit by phishing attacks, highlighting the urgent need for stronger security measures in the crypto space.

Hold onto your hats, crypto enthusiasts! It's been a wild ride with 'Phishing attacks, crypto sites, CoinMarketCap' making headlines. Let's dive into the chaos and see what's shaking.

Double Trouble: CoinMarketCap and CoinTelegraph Under Attack

First, CoinMarketCap (CMC), the go-to spot for tracking crypto prices, got hit. On June 20, 2025, users were bombarded with a sneaky pop-up urging them to connect their wallets to maintain access. Classic phishing, right?

Then, just a day later, CoinTelegraph, another major crypto news outlet, suffered a similar breach. Their banner publishing system was compromised, displaying a malicious ad promoting a fake token airdrop.

How Did This Happen?

In CoinMarketCap's case, attackers messed with the API request that loads a "doodle" image on the homepage. They injected hidden JavaScript code that triggered the malicious pop-up. If users clicked 'Connect Wallet,' the script would attempt to steal wallet credentials or private keys.

CoinTelegraph's issue involved a compromised banner publishing system, resulting in a malicious advertisement promoting a fake token airdrop on their website.

According to Web3 on‑chain security company Blockaid, 76 CoinMarketCap visitors were tricked, leading to a loss of $21,624.47, which CMC promised to reimburse.

The Common Thread: Supply Chain Attacks

Both attacks share a concerning similarity: they were supply chain attacks. Attackers didn't directly breach CMC or CoinTelegraph's servers. Instead, they compromised third-party resources that these platforms trusted.

C/side, a US-based startup, explained that this type of client-side attack is particularly dangerous because it bypasses server-side security tools and exploits user trust in familiar platforms.

Inferno Drainer: The Mastermind?

Both attacks appear to be connected to customers of Inferno Drainer, a "Drainer-as-a-Service" outfit that has facilitated numerous similar attacks, causing hundreds of millions in losses.

The Aftermath

Both CoinMarketCap and CoinTelegraph have cleaned up their acts and strengthened their security controls to prevent future attacks. But the damage is done. Trust has been shaken.

My Take: A Wake-Up Call

These incidents are a stark reminder that no platform is immune to attack. The crypto space needs to step up its security game, focusing on supply chain vulnerabilities and user education. We need to be more skeptical of pop-ups and double-check everything before connecting our wallets.

Speaking of user education, it’s crucial that platforms invest in tools and resources that help users identify and avoid phishing attempts. Real-time alerts, like the one provided by MetaMask, are essential, but more can be done.

Looking Ahead

So, what's the takeaway? Stay vigilant, folks! The crypto world is exciting, but it's also full of dangers. Keep your wits about you, and don't let those pesky phishers steal your precious crypto. And hey, maybe invest in a hardware wallet while you're at it. You can never be too safe, right?