Title: Coinmarketcap was compromised
Post by: Potato Chips on June 21, 2025, 04:02:39 AM

Several hours ago, folks reported there was a malicious pop-up in CMC asking people to connect their wallet:
https://www.talkimg.com/images/2025/06/21/UuRN22.png
https://www.reddit.com/r/Bitcoin/comments/1lgf6jn/coinmarketcap_has_been_hacked_do_not_interact/

Fortunately, it's been removed. I'm guessing there will be another update from them once the investigation is over:

> Update: We've identified and removed the malicious code from our site. Our team is continuing to investigate and taking steps to strengthen our security.

This is another reminder that even if we're on the official website or any handle of a platform we use, there should be no blind trusting, as exploits like this could happen to them. It's very likely though that there are already folks who fell victim. Considering the popularity of CMC, I wonder how much victims lost... 🤔

Title: Re: Coinmarketcap was compromised
Post by: mikel_012 on June 21, 2025, 04:31:29 AM

Here is their update about what happened, shared by @TryNinja:
> On June 20, 2025, our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when they visited our homepage. Upon discovery, we acted immediately to remove the problematic content, identified the root cause, and comprehensive measures have been implemented to isolate and mitigate the issue. We can confirm all systems are now fully operational, and CoinMarketCap is safe and secure for all users. We're actively monitoring user feedback and our support team is standing by to ensure all inquiries are promptly addressed. We are committed to maintaining the highest standards of security and transparency, and we thank you for the continued trust of our community.

He says this might be a Cross Site Scripting (XSS) vulnerability. I don't know how this works, but googling the term:

> A cross-site scripting (XSS) attack is one in which an attacker is able to get a target site to execute malicious code as though it was part of the website.
> https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS

I think it makes sense since they said an image triggered malicious code.

Title: Re: Coinmarketcap was compromised
Post by: Upgrade00 on June 21, 2025, 05:29:26 AM

Some unsuspecting users may see this as a way to directly track their assets on their wallets and actually connect their wallet using the malicious pop-up. I would expect very few people to fall for this, as a CMC pop-up should not create enough panic to cause users to make such mistakes.
> ...

This should mean there was potentially no data breach on their website.

> He says this might be a Cross Site Scripting (XSS) vulnerability. I don't know how this works, but googling the term:

Title: Re: Coinmarketcap was compromised
Post by: TheUltraElite on June 21, 2025, 06:04:35 AM

Let's just make it clear for anyone here without a good technical background: if any website asks you to connect your wallet, they can spend your money stored there, so be careful.
Any site today can be a place for malicious code; high-traffic sites are usually targeted like this. However, this can happen with any site, not just CMC in general, so always be on guard about such events.

Title: Re: Coinmarketcap was compromised
Post by: NotATether on June 21, 2025, 06:11:14 AM

> He says this might be a Cross Site Scripting (XSS) vulnerability. I don't know how this works, but googling the term:
>
> > A cross-site scripting (XSS) attack is one in which an attacker is able to get a target site to execute malicious code as though it was part of the website.
> > https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS
>
> I think it makes sense since they said an image triggered malicious code.

There's basically two ways (I am aware of) that you can inject malicious JavaScript into a website:

1. Gain control of one of the domains that is allowed to load JavaScript, then modify a JS file to add the malicious code at the end or something.
2. As described in this link, exploit 'eval' constructs in order to run JS that is sent to a URL as some sort of parameter. If you've heard of SQL, this is called SQL injection there. In JavaScript (and in NodeJS servers in particular) we call that XSS.

Title: Re: Coinmarketcap was compromised
Post by: Z-tight on June 21, 2025, 07:47:36 AM

I believe that for someone to fall for this scam, they have to be really naive. There is really no reason to connect your wallet to the Coinmarketcap website, when you can always go to their website to find any information you want on a cryptocurrency or crypto exchange. However, I still wouldn't be surprised if we found out later that there were victims to this.
CMC has to do better. Their website is globally used; they can't put naive people at risk in this way.

Title: Re: Coinmarketcap was compromised
Post by: NotATether on June 21, 2025, 08:28:55 AM

> I believe that for someone to fall for this scam, they have to be really naive. There is really no reason to connect your wallet to the Coinmarketcap website, when you can always go to their website to find any information you want on a cryptocurrency or crypto exchange. However, I still wouldn't be surprised if we found out later that there were victims to this.
>
> CMC has to do better. Their website is globally used; they can't put naive people at risk in this way.

The flip-side of this is that it only takes a few naive users for the scammers to rake in thousands, even millions, because Web3 wallets can sometimes contain lots of money. Obviously I wouldn't recommend storing that much money inside any hot wallet - there's a reason why hardware wallets exist - but I understand why people want to use them.

Title: Re: Coinmarketcap was compromised
Post by: JeromeTash on June 21, 2025, 09:25:28 AM

> I believe that for someone to fall for this scam, they have to be really naive. There is really no reason to connect your wallet to the Coinmarketcap website, when you can always go to their website to find any information you want on a cryptocurrency or crypto exchange. However, I still wouldn't be surprised if we found out later that there were victims to this.
>
> CMC has to do better. Their website is globally used; they can't put naive people at risk in this way.

All the Coinmarketcap troubles started when they added the log-in feature, so people could create accounts on their platform for airdrops and some other stuff. First there was a data breach and now this hack attempt.

Not so naive: users can as well get easily fooled, since they think they might be logging into their accounts.
The best way to avoid the impact of such incidents in the future is to completely remove the sign-up/sign-in features, and we get back to the good old Coinmarketcap that just tracked coin prices.

Title: Re: Coinmarketcap was compromised
Post by: joniboini on June 21, 2025, 09:43:52 AM

> Not so naive: users can as well get easily fooled, since they think they might be logging into their accounts.
>
> The best way to avoid the impact of such incidents in the future is to completely remove the sign-up/sign-in features, and we get back to the good old Coinmarketcap that just tracked coin prices.

I haven't used them for years now, but do users need to log in with their wallet to sign in? If that's not the case, then seeing a pop-up asking for a wallet interaction is a red flag.

It doesn't help that some people would fall for a trick like this even if no login feature exists. I remember reading how a scammer hacked both a website and an official social media account to post that the website is doing a new update, so users need to sign up with their wallet or something. There's no better protection other than being sufficiently aware of how scammers operate.

Title: Re: Coinmarketcap was compromised
Post by: JeromeTash on June 21, 2025, 10:15:09 AM

> > Not so naive: users can as well get easily fooled, since they think they might be logging into their accounts.
> >
> > The best way to avoid the impact of such incidents in the future is to completely remove the sign-up/sign-in features, and we get back to the good old Coinmarketcap that just tracked coin prices.
>
> I haven't used them for years now, but do users need to log in with their wallet to sign in? If that's not the case, then seeing a pop-up asking for a wallet interaction is a red flag.

https://talkimg.com/images/2025/06/21/UuT4qc.png

So even an average user who has been using the platform before could have easily been fooled, thinking it's business as usual.
> It doesn't help that some people would fall for a trick like this even if no login feature exists. I remember reading how a scammer hacked both a website and an official social media account to post that the website is doing a new update, so users need to sign up with their wallet or something. There's no better protection other than being sufficiently aware of how scammers operate.

Apart from the not so useful token airdrops, I don't even see the point of creating an account on Coinmarketcap, let alone linking one's wallet to it.

Title: Re: Coinmarketcap was compromised
Post by: crwth on June 21, 2025, 10:23:31 AM

It's good that this was already resolved quickly with their action, and I do hope there are not a lot of victims. In a way, it could make sense that you can log in with your wallet to see the assets, but it's best to just check your public address that has the assets. Sometimes, it's helpful if you are tracking the prices of your holdings.
If they are frequent users of CMC, they would see it as a weird pop-up. It's probably not as easy as they think.

Title: Re: Coinmarketcap was compromised
Post by: Lucius on June 21, 2025, 10:55:21 AM

As far as can be seen from the OP (ss), that pop-up was displayed even to visitors who were not logged in, which means that it was targeting all visitors, not just registered users. Depending on how long the attack took place, it would be strange if there weren't those who fell for that trick, because unfortunately there are a lot of naive people who don't think about what they're doing and don't understand the risks.
For those who want an alternative to CMC, I would recommend CoinGecko. I personally use them to occasionally check the price of some coins.

Title: Re: Coinmarketcap was compromised
Post by: Z-tight on June 21, 2025, 12:29:10 PM

> So even an average user who has been using the platform before could have easily been fooled, thinking it's business as usual.

That is about right. I don't have an account on Coinmarketcap and, like you said, I don't see any reason why anyone should as well. People who have accounts on Coinmarketcap were the target, because the pop-up asked them to connect their wallet so that they could maintain full access to their 'Coinmarketcap account'. That is crazy; now I strongly believe there are victims to this.

Title: Re: Coinmarketcap was compromised
Post by: Apocollapse on June 21, 2025, 04:15:06 PM

Here is how it looks if someone gets drained in Coinmarketcap:
https://x.com/apoorveth/status/1936207021180637654
It requires a few clicks in order to approve the wallet to send coins to the scammer's address; that's why it's important to check before you click something. From now on, people shouldn't only need to be aware of phishing sites, but they also have to be aware of legit sites.

Title: Re: Coinmarketcap was compromised
Post by: The Cryptovator on June 21, 2025, 06:20:01 PM

Since Binance bought CMC, they should improve their security system as well. I am afraid that innocent users will fall for this pop-up and connect their wallet. Attackers would easily drain the wallet of whoever connects it. Though the CMC team identified the issue and solved it, there is still concern about users who connected their wallets. They should compensate users in case someone lost from this attack.
This reminds us again that we shouldn't blindly trust any trusted sites as well. In case we notice any unusual activities from trusted sites, we should think twice. Forum users had better raise the issue on the forum so other users can share their experience and save themselves from the scam. Often I don't act in such a situation, though I haven't faced something like this before.

Title: Re: Coinmarketcap was compromised
Post by: LTU_btc on June 21, 2025, 07:28:39 PM

> I believe that for someone to fall for this scam, they have to be really naive. There is really no reason to connect your wallet to the Coinmarketcap website, when you can always go to their website to find any information you want on a cryptocurrency or crypto exchange. However, I still wouldn't be surprised if we found out later that there were victims to this.

Sometimes I'm surprised how naive some people are. And how many such people there are around us. I'm not really sure how these naive people got all this money that they're giving away to scammers.

> CMC has to do better. Their website is globally used; they can't put naive people at risk in this way.

Considering how popular Coinmarketcap is, probably enough people have fallen for this scam, despite CMC removing it quite quickly.

Title: Re: Coinmarketcap was compromised
Post by: r_victory on June 21, 2025, 09:14:14 PM

Many people who might fall for scams like this may not even be naive, but complete newbies. Cryptocurrencies are becoming more popular and are becoming more widely known. When I started, I didn't have much of an idea of the security measures needed. Cryptocurrencies require something "more" than your bank account or credit card. I don't even like using my social accounts like Google or Facebook to log in, let alone my wallet. The worst part is that if you have Metamask, for example, when you access a website with this option, it automatically opens and asks for your approval. Maybe on one of these, a newbie approves, and the wallet is cleared.
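CMC's statement says a doodle record fetched through an API call carried a link that triggered script in the page, and NotATether's post above lists the two injection routes he knows. Both come down to the same defensive point: data pulled from an API must be allowlisted before it is rendered as markup. The following is an added example, not CoinMarketCap's code; the field names (imageUrl, linkUrl, altText) and the host names are assumptions, and the sample records are constructed.

```javascript
// Added example, not CoinMarketCap's code: allowlist validation of a homepage
// "doodle" record fetched from an API, so that a tampered record cannot smuggle
// a script-bearing link or extra markup into the page. Names are assumptions.
const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example-aggregator.invalid"]);
const ALLOWED_LINK_HOSTS = new Set(["www.example-aggregator.invalid"]);
const ALLOWED_FIELDS = new Set(["imageUrl", "linkUrl", "altText"]);

// Accepts only absolute https URLs on an allowlisted host. Because the scheme
// must be https, javascript: and data: URLs are rejected here as a side effect.
function parseAllowedUrl(value, allowedHosts) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" || !allowedHosts.has(url.hostname)) return null;
  return url.href;
}

// Minimal HTML escaping for the characters that matter inside attributes/text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Returns { ok: true, doodle } for a record that passes the allowlist, else
// { ok: false, reason }. Unknown fields are rejected outright so that an extra
// "html" or "script" property added upstream can never reach the renderer.
function validateDoodle(record) {
  if (!record || typeof record !== "object") return { ok: false, reason: "not an object" };
  for (const key of Object.keys(record)) {
    if (!ALLOWED_FIELDS.has(key)) return { ok: false, reason: `unexpected field: ${key}` };
  }
  const imageUrl = parseAllowedUrl(record.imageUrl, ALLOWED_IMAGE_HOSTS);
  if (!imageUrl) return { ok: false, reason: "imageUrl not allowed" };
  const linkUrl = parseAllowedUrl(record.linkUrl, ALLOWED_LINK_HOSTS);
  if (!linkUrl) return { ok: false, reason: "linkUrl not allowed" };
  const altText = typeof record.altText === "string" ? record.altText.slice(0, 120) : "";
  return { ok: true, doodle: { imageUrl, linkUrl, altText } };
}

// Unsafe pattern: the API response is trusted and pasted straight into markup.
function renderDoodleUnsafe(record) {
  return `<a href="${record.linkUrl}"><img src="${record.imageUrl}" alt="${record.altText}"></a>`;
}

// Hardened pattern: only a validated record is rendered, with every value escaped.
function renderDoodleSafe(record) {
  const result = validateDoodle(record);
  if (!result.ok) return "";
  const d = result.doodle;
  return `<a href="${escapeHtml(d.linkUrl)}"><img src="${escapeHtml(d.imageUrl)}" alt="${escapeHtml(d.altText)}"></a>`;
}

// Constructed sample records (not real data from the incident).
const GOOD_DOODLE = {
  imageUrl: "https://cdn.example-aggregator.invalid/doodle.png",
  linkUrl: "https://www.example-aggregator.invalid/event",
  altText: "Event doodle",
};
const TAMPERED_LINK_DOODLE = { ...GOOD_DOODLE, linkUrl: "javascript:void(0)" };
const TAMPERED_FIELD_DOODLE = { ...GOOD_DOODLE, html: "<script>/* injected */</script>" };
```

Pair this with a Content-Security-Policy that restricts script sources to the hosts the site actually controls, which is the counterpart to NotATether's first route (a JS-serving domain being taken over) rather than something the validator can cover.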
Title: Re: Coinmarketcap was compromised
Post by: robelneo on June 21, 2025, 11:26:43 PM

> It's very likely though that there are already folks who fell victim. Considering the popularity of CMC, I wonder how much victims lost... 🤔

We'll know this in the coming days. I prefer Coingecko over CoinMarketCap, and with this incident, some will shift their preferences. CoinMarketCap is an industry leader. This should not have happened, but it happened. We have second thoughts about connecting to unknown and news sites, but now we also have to guard ourselves from established platforms.

Title: Re: Coinmarketcap was compromised
Post by: hugeblack on June 22, 2025, 06:47:13 AM

Since Binance purchased this service and CoinMarketCap has become a tool for quick profit and advertising, I wouldn't be surprised if the number of developers is small compared to the profits they generate.
Furthermore, it's best to create an empty wallet to connect it to *trusted services.*

Title: Re: Coinmarketcap was compromised
Post by: coin-investor on June 23, 2025, 02:14:50 PM

It's hard to imagine that a market aggregator backed, owned and managed by one of the top exchanges would suffer a breach. In the latest update about the compromise, there are users who connected their wallet and the hacker hacked a substantial amount.
There are 110 users who have fallen victim to the scheme. We can conclude that if the platform is popular, people will have no second thought connecting their wallet. It's a pity; people should have done an investigation and confirmed if the wallet pop-up is a new additional feature.

> More details about the attack came later from a threat actor known as Rey, who said that the attackers behind the CoinMarketCap supply chain attack shared a screenshot of the drainer panel on a Telegram channel. This panel indicated that $43,266 was stolen from 110 victims as part of this supply chain attack, with the threat actors speaking in French on the Telegram channel.
>
> CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup (https://www.bleepingcomputer.com/news/security/coinmarketcap-briefly-hacked-to-drain-crypto-wallets-via-fake-web3-popup)

Title: Re: Coinmarketcap was compromised
Post by: Porfirii on June 23, 2025, 04:49:53 PM

> It's hard to imagine that a market aggregator backed, owned and managed by one of the top exchanges would suffer a breach. In the latest update about the compromise, there are users who connected their wallet and the hacker hacked a substantial amount.
>
> There are 110 users who have fallen victim to the scheme. We can conclude that if the platform is popular, people will have no second thought connecting their wallet. It's a pity; people should have done an investigation and confirmed if the wallet pop-up is a new additional feature.
>
> > More details about the attack came later from a threat actor known as Rey, who said that the attackers behind the CoinMarketCap supply chain attack shared a screenshot of the drainer panel on a Telegram channel. This panel indicated that $43,266 was stolen from 110 victims as part of this supply chain attack, with the threat actors speaking in French on the Telegram channel.
> > CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup (https://www.bleepingcomputer.com/news/security/coinmarketcap-briefly-hacked-to-drain-crypto-wallets-via-fake-web3-popup)

That's $400 on average per victim. It could've been much worse, but it seems that the pop-up was removed quickly. Unfortunately, speed in a leading site like CMC is relative, and it seems that they'll have to improve their security and reaction time, because the threat of a new attack is not going to diminish from now on. Guys, be careful out there....

Title: Re: Coinmarketcap was compromised
Post by: PX-Z on June 23, 2025, 05:02:20 PM

> This is another reminder that even if we're on the official website or any handle of a platform we use, there should be no blind trusting, as exploits like this could happen to them.

As long as you have a basic understanding of how the site works and know how to think critically and check for potential exploits, you should be safe. Otherwise, unfortunately, some users may end up falling victim. With the CMC team's quick response to the issue, I hope no one ends up losing anything from that exploit.

Title: Re: Coinmarketcap was compromised
Post by: cryptoaddictchie on June 23, 2025, 10:53:10 PM

> Since Binance purchased this service and CoinMarketCap has become a tool for quick profit and advertising, I wouldn't be surprised if the number of developers is small compared to the profits they generate.

Since it's a business, they needed some traction on profits, and ads are likely the easiest way to do it. People viewed Coinmarketcap often for checking tokens and coins for info, but as a user I feel like Coingecko is much better now and doesn't have stuff like this. Now this news of a breach will literally become noise on Binance's side as a negative thing for them as well.
> Furthermore, it's best to create an empty wallet to connect it to *trusted services.*

Title: Re: Coinmarketcap was compromised
Post by: Darker45 on June 24, 2025, 12:39:57 AM

> > Since Binance purchased this service and CoinMarketCap has become a tool for quick profit and advertising, I wouldn't be surprised if the number of developers is small compared to the profits they generate.
>
> Since it's a business, they needed some traction on profits, and ads are likely the easiest way to do it. People viewed Coinmarketcap often for checking tokens and coins for info, but as a user I feel like Coingecko is much better now and doesn't have stuff like this. Now this news of a breach will literally become noise on Binance's side as a negative thing for them as well.
>
> > Furthermore, it's best to create an empty wallet to connect it to *trusted services.*

I also shifted to Coingecko years ago, but it seems they're not much different from each other. They both have sign-up features, obtaining personal data and metadata from millions of users around the world. Apart from them getting personal information, this is utterly useless. Coinmarketcap was known to promote HYIPs and scams on their site. I think Coingecko isn't much stricter. If the pay is right, your ad is allowed. And it's not only CMC that experienced a breach. Coingecko had one, although it's more of a fault of their third-party partner. Regardless, it's the millions of personal data they pointlessly gathered from their users that were compromised. The victims are now bombarded with phishing emails.

Title: Re: Coinmarketcap was compromised
Post by: coupable on June 24, 2025, 10:47:44 PM

> > It's hard to imagine that a market aggregator backed, owned and managed by one of the top exchanges would suffer a breach. In the latest update about the compromise, there are users who connected their wallet and the hacker hacked a substantial amount.
> > There are 110 users who have fallen victim to the scheme. We can conclude that if the platform is popular, people will have no second thought connecting their wallet. It's a pity; people should have done an investigation and confirmed if the wallet pop-up is a new additional feature.
> >
> > > More details about the attack came later from a threat actor known as Rey, who said that the attackers behind the CoinMarketCap supply chain attack shared a screenshot of the drainer panel on a Telegram channel. This panel indicated that $43,266 was stolen from 110 victims as part of this supply chain attack, with the threat actors speaking in French on the Telegram channel.
> > >
> > > CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup (https://www.bleepingcomputer.com/news/security/coinmarketcap-briefly-hacked-to-drain-crypto-wallets-via-fake-web3-popup)
>
> That's $400 on average per victim. It could've been much worse, but it seems that the pop-up was removed quickly. Unfortunately, speed in a leading site like CMC is relative, and it seems that they'll have to improve their security and reaction time, because the threat of a new attack is not going to diminish from now on. Guys, be careful out there....