CoinMarketCap使用涂鸦图像注入恶意代码，触发了假钱包验证弹出窗口。提醒保持警惕！

CoinMarketCap Hit by Wallet Phishing Exploit: A Wake-Up Call for Crypto Users

CoinMarketCap受到钱包网络钓鱼漏洞的命中：加密用户的唤醒电话

Heads up, crypto fam! CoinMarketCap, the go-to spot for checking crypto prices, just got hit with a wallet phishing exploit, injecting malicious code that triggered fake wallet verification pop-ups. Here’s the lowdown on what happened and how to stay safe.

抬起头，加密货币。 CoinMarketCap是检查加密货币价格的首选位置，刚刚被钱包网络钓鱼漏洞打击，注入了触发假钱包验证弹出窗口的恶意代码。这是关于发生的事情以及如何保持安全的低点。

The Exploit: How It Went Down

利用：它是如何下降的

On June 20, 2025, some sneaky hackers exploited a vulnerability in CoinMarketCap’s front-end system. They used a seemingly harmless doodle image to inject malicious code that caused fake wallet verification pop-ups to appear across the site. According to Coinspect Security, the breach used CoinMarketCap’s backend API to deliver a manipulated JSON payload that embedded JavaScript into the homepage.

2025年6月20日，一些偷偷摸摸的黑客在CoinMarketCap的前端系统中利用了脆弱性。他们使用看似无害的涂鸦图像来注入恶意代码，该代码导致虚假的钱包验证弹出窗口出现在整个网站上。根据Coinspect Security的说法，漏洞使用CoinMarketCap的后端API进行了操纵的JSON有效载荷，该有效载荷将JavaScript嵌入到主页中。

Basically, the attackers hijacked the platform’s rotating “doodles” feature to embed the malicious code without messing with the site’s core infrastructure. When users visited the homepage, they were prompted to “Verify Wallet,” a classic phishing move to trick them into handing over their crypto holdings.

基本上，攻击者劫持了平台的旋转“涂鸦”功能，以嵌入恶意代码，而不会弄乱网站的核心基础架构。当用户访问主页时，他们被提示“验证钱包”，这是一个经典的网络钓鱼动作，诱使他们移交了加密货币。

CoinMarketCap's Response

CoinMarketCap的回应

CoinMarketCap acted swiftly, removing the problematic content shortly after discovery. "Upon discovery, we acted immediately to remove the problematic content,” CoinMarketCap said in a statement posted to social media. “Comprehensive measures have been implemented to isolate and mitigate the issue.” They're still investigating the full extent of the breach and working on strengthening their security.

CoinMarketCap迅速采取了行动，发现后不久将有问题的内容删除。 CoinMarketCap在社交媒体上发表的一份声明中说：“发现后，我们立即采取了行动去除问题的内容。” “已经采取了全面的措施来隔离和减轻问题。”他们仍在调查违规的全部范围，并致力于加强其安全性。

Lessons Learned and Staying Safe

经验教训并保持安全

This incident serves as a stark reminder of the constant threats in the crypto world. Always be skeptical of unexpected pop-ups or requests to verify your wallet. Double-check URLs, and never enter your private keys or seed phrases unless you're absolutely sure the site is legit.

这一事件引起了加密世界中不断威胁的敏锐提醒。始终怀疑出意外的弹出窗口或验证您的钱包的请求。仔细检查URL，并且切勿输入您的私钥或种子短语，除非您绝对确定该网站是合法的。

MetaMask and Phantom even red-flagged the malicious pop-up, warning users about the unsafe website, further emphasizing the importance of browser extensions and community vigilance in identifying and flagging potential threats.

Metamask和Phantom甚至红色的恶意弹出窗口，警告用户有关不安全的网站，进一步强调了浏览器扩展和社区警惕在识别和标记潜在威胁方面的重要性。

While CoinMarketCap hasn’t disclosed how many users were affected or if any wallets were compromised, it's better to be safe than sorry. Keep your wits about you and stay informed about the latest scams and phishing tactics.

尽管CoinMarketCap尚未透露有多少用户受到影响或是否受到钱包的损害，但安全比后悔更好。保持您的智慧，并了解最新的骗局和网络钓鱼策略。

My Take

我的看法

Honestly, this whole situation is a bit unsettling. CoinMarketCap is a trusted resource for many crypto enthusiasts, so seeing them fall victim to such an exploit is concerning. It highlights the need for even the biggest players in the crypto space to remain vigilant about security. I think it's essential for platforms like CoinMarketCap to be more transparent about these incidents, providing detailed information about what happened and what steps they're taking to prevent future attacks. Furthermore, user education is paramount. Clear, concise warnings and best practices should be readily available to help users protect themselves from phishing scams and other malicious activities.

老实说，整个情况有点令人不安。 CoinMarketCap是许多加密爱好者的信任资源，因此看到他们成为这种剥削的受害者。它突出了即使是加密货币领域中最大的球员也需要保持对安全的警惕。我认为对于CoinMarketCap等平台来说，对这些事件更加透明，提供有关发生的事情以及他们采取的措施以防止将来攻击的详细信息。此外，用户教育至关重要。明确，简洁的警告和最佳实践应很容易获得，以帮助用户保护自己免受网络钓鱼骗局和其他恶意活动的影响。

A Final Thought

最后的想法

So, keep your eyes peeled, stay sharp, and remember: in the wild west of crypto, a little paranoia goes a long way. Stay safe out there, crypto cowboys and cowgirls!

因此，请保持眼睛剥皮，保持锋利，并记住：在加密岛的野外，有点偏执狂走了很长一段路。在那里保持安全，加密牛仔和女牛仔！