Coinmarketcap was compromised

[Potato Chips]

Several hours ago, folks reported there was a malicious pop-up in CMC asking people to connect their wallet:


https://www.reddit.com/r/Bitcoin/comments/1lgf6jn/coinmarketcap_has_been_hacked_do_not_interact/


Fortunately, it's been removed. I'm guessing there will be another update from then once investigation is over:

Update: We've identified and removed the malicious code from our site.

Our team is continuing to investigate and taking steps to strengthen our security.

This is another reminder that even if we're on official website or any handle of a platform we use, there should be no blind trusting as exploits like this could happen to them.

It's very likely though that there are already folks who fell victim. Considering the popularity of CMC, I wonder how much victims lost.. 🤔

[mikel_012]

Here is their update about what happened, shared by @TryNinja:

On June 20, 2025, our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage.

Upon discovery, We acted immediately to remove the problematic content, identified the root cause, and comprehensive measures have been implemented to isolate and mitigate the issue.

We can confirm all systems are now fully operational, and CoinMarketCap is safe and secure for all users.

We're actively monitoring user feedback and our support team is standing by to ensure all inquiries are promptly addressed. We are committed to maintaining the highest standards of security and transparency, and we thank you for the continued trust of our community.

He says this might be a Cross Site Scripting XSS vulnerability. I don't know how this works but googling the term:

A cross-site scripting (XSS) attack is one in which an attacker is able to get a target site to execute malicious code as though it was part of the website.

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS

I think it makes sense since they said an image triggered malicious code.

[Upgrade00]

Some unsuspecting users may see this as a way to directly track their assets on their wallets and actually connected their wallet using the malicious pop up. I would expect very few people to fall for this as a CMC pop up should not create enough panic to cause users to make such mistakes.

...
He says this might be a Cross Site Scripting XSS vulnerability. I don't know how this works but googling the term:

This should mean there was potentially no data breach on their website.

[TheUltraElite]

Lets just make it clear for anyone here without a good technical background, if any website asks you to connect your wallet, they can spend your money stored there so be careful.

Any site today can be a place for malicious code, high traffic sites are usually targeted like this. However this can happen with any site not just CMC in general, so always be on guard about such events.

[NotATether]

He says this might be a Cross Site Scripting XSS vulnerability. I don't know how this works but googling the term:

A cross-site scripting (XSS) attack is one in which an attacker is able to get a target site to execute malicious code as though it was part of the website.

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS

I think it makes sense since they said an image triggered malicious code.

There's basically two ways (I am aware of) that you can inject malicious javascript into a website:

1. Gain control of one of the domains that is allowed to load javascript, then modify a js file to add the malicious code at the end or something.
2. As described in this link, exploit 'eval' constructs in order to run JS that is sent to a URL as some sort of parameter. If you've heard of SQL, this is called in SQL injection. In Javascript (and in NodeJS servers in particular) we call that XSS.

[Z-tight]

I believe that for someone to fall for this scam, they have to be really naive, there is really no reason to connect your wallet to Coinmarketcap website, when you can always go to their website to find any information you want on an cryptocurrency or crypto exchange. However, i wouldn't still be surprised if we found out later that there were victims to this.

CMC has to do better, their website is globally used, they can't put naive people at risk in this way.

[NotATether]

I believe that for someone to fall for this scam, they have to be really naive, there is really no reason to connect your wallet to Coinmarketcap website, when you can always go to their website to find any information you want on an cryptocurrency or crypto exchange. However, i wouldn't still be surprised if we found out later that there were victims to this.

CMC has to do better, their website is globally used, they can't put naive people at risk in this way.

The flip-side of this is that it only takes a few naive users for the scammers to rake in thousands, even millions. Because Web3 wallets can contain lots of money sometimes. Obviously I wouldn't recommend storing that much money inside any hot wallet - there's a reason why hardware wallets exist - but I understand why people want to use them.

[JeromeTash]

I believe that for someone to fall for this scam, they have to be really naive, there is really no reason to connect your wallet to Coinmarketcap website, when you can always go to their website to find any information you want on an cryptocurrency or crypto exchange. However, i wouldn't still be surprised if we found out later that there were victims to this.

CMC has to do better, their website is globally used, they can't put naive people at risk in this way.

All the coinmarketcap troubles started when they added the log in feature, so people could create accounts on their platform for airdrops and some other stuff. First there was a data breach and now this hack attempt

Not so naive, users can as well get easily fooled since they think they might be logging into their accounts. The best way to avoid the impact of such incidents in the future is to completely remove the sig up/sign in features, and we get back to the good old coinmarketcap that just tracked coin prices.

[joniboini]

Not so naive, users can as well get easily fooled since they think they might be logging into their accounts. The best way to avoid the impact of such incidents in the future is to completely remove the sig up/sign in features, and we get back to the good old coinmarketcap that just tracked coin prices.

I haven't used them for years now, but do users need to log in with their wallet to sign in? If that's not the case, then seeing a pop-up asking for a wallet interaction is a red flag. It doesn't help that some people would fall for a trick like this even if no login feature exists. I remember reading how a scammer hacked both a website and an official social media account to post that the website is doing a new update, so users need to sign up with their wallet or something. There's no better protection other than being sufficiently aware how scammers operates.

[JeromeTash]

Not so naive, users can as well get easily fooled since they think they might be logging into their accounts. The best way to avoid the impact of such incidents in the future is to completely remove the sig up/sign in features, and we get back to the good old coinmarketcap that just tracked coin prices.

I haven't used them for years now, but do users need to log in with their wallet to sign in? If that's not the case, then seeing a pop-up asking for a wallet interaction is a red flag.

This is how their sign-up page looks like (Similar log in options can be seen in their login page as well)



So even an average user who has been using the platfrom before could have easily been fooled thinking it's business as usual.

It doesn't help that some people would fall for a trick like this even if no login feature exists. I remember reading how a scammer hacked both a website and an official social media account to post that the website is doing a new update, so users need to sign up with their wallet or something. There's no better protection other than being sufficiently aware how scammers operates.

Apart from the not so useful token airdrops. I don't even see the point of creating an account on coinmarketcap let alone linking one's wallet to it.

[crwth]

It's good that this was already resolved quickly with their action, and I do hope there are not a lot of victims. In a way, it could make sense that you can log in with your wallet to see the assets, but it's best to just check your public address that has the assets. Sometimes, it's helpful if you are tracking the prices of your holdings.

If they are frequent users of CMC, they would see it as a weird pop-up. It's probably not as easy as they think.

[Lucius]

As far as can be seen from the OP (ss), that pop-up was displayed even to visitors who were not logged in, which means that it was targeting all visitors, not just registered users. Depending on how long the attack took place, it would be strange if there weren't those who fell for that trick - because unfortunately there are a lot of naive people who don't think about what they're doing and don't understand the risks.

For those who want an alternative to CMC, I would recommend CoinGecko - I personally use them to occasionally check the price of some coins.

[Z-tight]

So even an average user who has been using the platfrom before could have easily been fooled thinking it's business as usual.

That is about right, i don't have an account on coinmarketcap and like you said, i don't see any reason why anyone should as well. People who have accounts on Coinmarketcap were the target, because the pop-up asked them to connect their wallet, so that they could maintain full access to their 'coinmarketcap account'. That is crazy, now i strongly believe there are victims to this.

[Apocollapse]

Here how it looks if someone get drained in Coinmarketcap https://x.com/apoorveth/status/1936207021180637654

It's require few clicks in order to approve the wallet to send coins to the scammer address, that's why it's important to check before you click something.

From now on people shouldn't only need to aware with phishing sites, but they also have to aware with legit sites.

[The Cryptovator]

Since Binance bought CMC, they should improve their security system as well. I am afraid if innocent users fall into this pop-up and connect their wallet. Attackers would drain their wallet easily; whoever connects their wallet. Though the CMC team identified the issue and solved it, there is still concern about users who connect wallets. They should compensate users in case someone lost from this attack.

This reminds us again we shouldn't blindly trust any trusted sites as well. In case we noticed any unusual activities from the trusted sites, we should think twice. Forum users better raise the issue on the forum so other users could share their experience and save themselves from the scam. Often I don't act on such situation though I haven't faced something like this before.

[LTU_btc]

I believe that for someone to fall for this scam, they have to be really naive, there is really no reason to connect your wallet to Coinmarketcap website, when you can always go to their website to find any information you want on an cryptocurrency or crypto exchange. However, i wouldn't still be surprised if we found out later that there were victims to this.

CMC has to do better, their website is globally used, they can't put naive people at risk in this way.

Sometimes I'm surprised how naive some people. And how many such people there is around us. I'm not really sure how these naive people got all this money that they're giving away to scammers.
Considering how popular Coinmarketcap is, probably enough people have fallen into this scam, despite that CMC removed it quite quickly.

[r_victory]

Many people who might fall for scams like this may not even be naive, but complete newbies. Cryptocurrencies are becoming more popular and are being more widely known. When I started, I didn't have much of an idea of ​​the security measures needed. Cryptocurrencies require something "more" than your bank account or credit card. I don't even like using my social accounts like Google or Facebook to log in, let alone my wallet. The worst part is that if you have Metamask, for example, when you access a website with this option, it automatically opens and asks for your approval. Maybe on one of these, a newbie approves, and the wallet is cleared.

[robelneo]

It's very likely though that there are already folks who fell victim. Considering the popularity of CMC, I wonder how much victims lost.. 🤔

We'll know this in the coming days. I prefer Coingecko over CoinMarketCap, and with this incident, some will shift their preferences.
CoinMarketCap is an industry leader. This should not have happened, but it happened. We have second thoughts connecting to unknown and news sites, but now we also have to guard ourselves from established platforms.

[hugeblack]

Since Binance purchased this service and CoinMarketCap has become a tool for quick profit and advertising, I wouldn't be surprised if the number of developers is small compared to the profits they generate.

Furthermore, it's best to create an empty wallet to connect it to *trusted services.*