CoinMarketCap使用塗鴉圖像注入惡意代碼，觸發了假錢包驗證彈出窗口。提醒保持警惕！

CoinMarketCap Hit by Wallet Phishing Exploit: A Wake-Up Call for Crypto Users

CoinMarketCap受到錢包網絡釣魚漏洞的命中：加密用戶的喚醒電話

Heads up, crypto fam! CoinMarketCap, the go-to spot for checking crypto prices, just got hit with a wallet phishing exploit, injecting malicious code that triggered fake wallet verification pop-ups. Here’s the lowdown on what happened and how to stay safe.

抬起頭，加密貨幣。 CoinMarketCap是檢查加密貨幣價格的首選位置，剛剛被錢包網絡釣魚漏洞打擊，注入了觸發假錢包驗證彈出窗口的惡意代碼。這是關於發生的事情以及如何保持安全的低點。

The Exploit: How It Went Down

利用：它是如何下降的

On June 20, 2025, some sneaky hackers exploited a vulnerability in CoinMarketCap’s front-end system. They used a seemingly harmless doodle image to inject malicious code that caused fake wallet verification pop-ups to appear across the site. According to Coinspect Security, the breach used CoinMarketCap’s backend API to deliver a manipulated JSON payload that embedded JavaScript into the homepage.

2025年6月20日，一些偷偷摸摸的黑客在CoinMarketCap的前端系統中利用了脆弱性。他們使用看似無害的塗鴉圖像來注入惡意代碼，該代碼導致虛假的錢包驗證彈出窗口出現在整個網站上。根據Coinspect Security的說法，漏洞使用CoinMarketCap的後端API進行了操縱的JSON有效載荷，該有效載荷將JavaScript嵌入到主頁中。

Basically, the attackers hijacked the platform’s rotating “doodles” feature to embed the malicious code without messing with the site’s core infrastructure. When users visited the homepage, they were prompted to “Verify Wallet,” a classic phishing move to trick them into handing over their crypto holdings.

基本上，攻擊者劫持了平台的旋轉“塗鴉”功能，以嵌入惡意代碼，而不會弄亂網站的核心基礎架構。當用戶訪問主頁時，他們被提示“驗證錢包”，這是一個經典的網絡釣魚動作，誘使他們移交了加密貨幣。

CoinMarketCap's Response

CoinMarketCap的回應

CoinMarketCap acted swiftly, removing the problematic content shortly after discovery. "Upon discovery, we acted immediately to remove the problematic content,” CoinMarketCap said in a statement posted to social media. “Comprehensive measures have been implemented to isolate and mitigate the issue.” They're still investigating the full extent of the breach and working on strengthening their security.

CoinMarketCap迅速採取了行動，發現後不久將有問題的內容刪除。 CoinMarketCap在社交媒體上發表的一份聲明中說：“發現後，我們立即採取了行動去除問題的內容。” “已經採取了全面的措施來隔離和減輕問題。”他們仍在調查違規的全部範圍，並致力於加強其安全性。

Lessons Learned and Staying Safe

經驗教訓並保持安全

This incident serves as a stark reminder of the constant threats in the crypto world. Always be skeptical of unexpected pop-ups or requests to verify your wallet. Double-check URLs, and never enter your private keys or seed phrases unless you're absolutely sure the site is legit.

這一事件引起了加密世界中不斷威脅的敏銳提醒。始終懷疑出意外的彈出窗口或驗證您的錢包的請求。仔細檢查URL，並且切勿輸入您的私鑰或種子短語，除非您絕對確定該網站是合法的。

MetaMask and Phantom even red-flagged the malicious pop-up, warning users about the unsafe website, further emphasizing the importance of browser extensions and community vigilance in identifying and flagging potential threats.

Metamask和Phantom甚至紅色的惡意彈出窗口，警告用戶有關不安全的網站，進一步強調了瀏覽器擴展和社區警惕在識別和標記潛在威脅方面的重要性。

While CoinMarketCap hasn’t disclosed how many users were affected or if any wallets were compromised, it's better to be safe than sorry. Keep your wits about you and stay informed about the latest scams and phishing tactics.

儘管CoinMarketCap尚未透露有多少用戶受到影響或是否受到錢包的損害，但安全比後悔更好。保持您的智慧，並了解最新的騙局和網絡釣魚策略。

My Take

我的看法

Honestly, this whole situation is a bit unsettling. CoinMarketCap is a trusted resource for many crypto enthusiasts, so seeing them fall victim to such an exploit is concerning. It highlights the need for even the biggest players in the crypto space to remain vigilant about security. I think it's essential for platforms like CoinMarketCap to be more transparent about these incidents, providing detailed information about what happened and what steps they're taking to prevent future attacks. Furthermore, user education is paramount. Clear, concise warnings and best practices should be readily available to help users protect themselves from phishing scams and other malicious activities.

老實說，整個情況有點令人不安。 CoinMarketCap是許多加密愛好者的信任資源，因此看到他們成為這種剝削的受害者。它突出了即使是加密貨幣領域中最大的球員也需要保持對安全的警惕。我認為對於CoinMarketCap等平台來說，對這些事件更加透明，提供有關發生的事情以及他們採取的措施以防止將來攻擊的詳細信息。此外，用戶教育至關重要。明確，簡潔的警告和最佳實踐應很容易獲得，以幫助用戶保護自己免受網絡釣魚騙局和其他惡意活動的影響。

A Final Thought

最後的想法

So, keep your eyes peeled, stay sharp, and remember: in the wild west of crypto, a little paranoia goes a long way. Stay safe out there, crypto cowboys and cowgirls!

因此，請保持眼睛剝皮，保持鋒利，並記住：在加密島的野外，有點偏執狂走了很長一段路。在那裡保持安全，加密牛仔和女牛仔！