CoinMarketCap users were recently targeted by scammers who exploited a vulnerability on the popular crypto price-tracking website. According to the latest reports, the platform swiftly removed a malicious pop-up from its website and is conducting a thorough investigation into the incident.
In an earlier alert, CoinMarketCap warned its users about a malicious pop-up notification attempting to trick them into verifying their crypto wallets. The platform wrote in an X post, “We’re aware that a malicious pop-up prompting users to ‘Verify Wallet’ has appeared on our site. Do NOT connect your wallet.”
In a subsequent post, CoinMarketCap confirmed that it had identified and removed the malicious code. This update was provided within three hours of the platform’s public acknowledgment of the malicious notification. The message read:
“Update: We’ve identified and removed the malicious code from our site. Our team is continuing to investigate and taking steps to strengthen our security.”
According to Coinspect Security, a blockchain security firm, CoinMarketCap’s backend API was compromised and served manipulated JSON payloads that injected malicious JavaScript via the site’s ‘doodles’ feature. The firm stated, “Yes, CoinMarketCap drainer loaded from a ‘doodle’ JSON file.”
It is noteworthy that this incident comes on the heels of another high-profile hack that resulted in the loss of at least $100 million in crypto. As CoinGape reported, Iranian exchange Nobitex was breached by Israeli attackers as part of the ongoing Iran-Israel war. Last month, prominent crypto exchange Coinbase was also hit by a security breach. CoinMarketCap itself was previously hacked in October 2021. As a result, around 3.1 million email addresses belonging to CoinMarketCap users were compromised.
The CoinMarketCap hack was initially detected by community members and platforms like MetaMask and Phantom. A user called Jet on X shared a post, stating, “Both Metamask and Phantom have red-flagged it!”
While MetaMask provided a warning that the website seems harmful, Phantom revealed, “coinmarket.com is blocked.” Both platforms deemed CoinMarketCap “unsafe” to use at that moment.
Meanwhile, many users on X suspected the pop-up was a phishing attempt, a common crypto scam where hackers trick victims into divulging personal data or private keys. Crypto sleuth Jameson Lopp highlighted the security issue, adding that the hackers intended to drain users’ crypto wallets. Another user, Auri, reported that the notification prompted users to connect their wallet and subsequently requested approvals for ERC-20 tokens. Other users also warned against the CoinMarketCap hack, cautioning, “DO NOT VERIFY WALLET.”