Crypto Users Targeted as Cointelegraph and CoinMarketCap Fall to Front-End Hacks

A new breed of cyber-attack is sweeping through crypto media, exploiting site pop-ups and wallet-connect prompts instead of smart-contract bugs.

Within 48 hours, both CoinMarketCap and Cointelegraph were compromised, each incident using nearly identical tactics: inject malicious front-end code, push a “verify your wallet” notice, siphon funds.

Binance founder CZ took to X after the second breach, reminding traders that it’s now human error—one careless click—rather than faulty code that hackers bet on: “Information sites are the latest target. Think twice before authorizing any wallet connect.”

How the attacks worked

• CoinMarketCap: a rogue script displayed a giveaway banner; 39 wallets lost about $18.5 k before the alert was scrubbed. The site says victims will be reimbursed.
• Cointelegraph: similar pop-up touted a token “fair launch,” faking a CertiK audit badge to add legitimacy. Loss totals are still being tallied.

Read More:

Robert Kiyosaki Predicts 2025 “Super-Crash,” Urges Hoarding Gold, Silver, and Bitcoin

Bigger trend

Security firm CertiK says 2025 thefts have already topped $2.1 billion, with wallet-phishing now the dominant vector. Co-founder Ronghui Gu sums it up: “Code is getting harder to exploit, so criminals pivot to people.”

Take-away for users

• Ignore surprise airdrop/giveaway pop-ups—legit sites don’t ask for wallet signatures out of the blue.
• Bookmark official URLs and access them directly; avoid links from social feeds.
• Use hardware wallets or set spend limits on hot wallets to cap potential damage.

Smart contracts may be maturing, but the weakest link has simply moved up the stack—to the person behind the screen.