CoinMarketCap Removes Phishing “Verify Wallet” Popup After Security Breach
- CoinMarketCap removed a malicious “Verify Wallet” popup injected through compromised animations that aimed to steal user funds.
- MetaMask and Phantom flagged the site as risky and advised users to revoke suspicious approvals and stay alert.
CoinMarketCap moved fast to shut down a sketchy “Verify Wallet” popup that suddenly showed up on its site, trying to trick users. The shady code was pulled within hours, and the team kicked off a deeper investigation to figure out how it got there.
A sketchy popup pretending to be a legit wallet check showed up on CoinMarketCap, asking people to connect their wallets and approve ERC‑20 tokens—basically a textbook phishing attempt. CoinMarketCap jumped on X to confirm they pulled the bad code right away and said the team’s still looking into it while tightening up site security.
The takedown came less than three hours after users on social media started calling out the sketchy popup and warning others about the threat.
Wallets like MetaMask and Phantom jumped in fast, warning users as the phishing popup made the rounds. Phantom even slapped a red warning on CoinMarketCap, calling it “unsafe to use,” while users across crypto Twitter and on-chain watchers shared screenshots showing the prompt pushing people to connect wallets and approve ERC‑20 tokens—basically a setup to drain their funds.
Security researchers found that the phishing code slipped into CoinMarketCap through its rotating “Doodles” feature on the frontend. The attack came from tampered JSON files loaded via the site’s own API, which triggered the fake popup whenever certain doodles—like one called “CoinmarketCLAP”—were displayed to users.
Wallet Providers Flag the Site
Experts think the vulnerability came from the animation engine—likely Lottie—which let attackers sneak in harmful scripts through what looked like harmless doodle files. The exploit even pointed users to a known wallet-drainer contract, redirecting any approved tokens straight into the attacker’s hands.
Even though the malicious code was limited to the frontend, security pros are urging anyone who connected their wallet during the incident to revoke any token approvals immediately. Just visiting the site wasn’t enough to get drained, but if you clicked through the popup or signed anything, you might’ve already given up access without realizing it.
This isn’t the first time CoinMarketCap has run into trouble. Back in October 2021, over 3.1 million user email addresses were exposed in a data leak. Incidents like this keep showing how even trusted, high-traffic platforms in crypto can slip up—and when they do, it’s the users who get hit the hardest.
CoinMarketCap acted fast to shut down the phishing popup, showing they can move quickly when things go sideways. But the fact that a visual feature like a simple doodle was used to pull this off is a major red flag. It’s a wake-up call for platforms to double-check anything they’re pulling in from third-party tools, especially stuff like animations that usually fly under the radar.
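The kind of pre-publish check that paragraph calls for, as an added example (not CoinMarketCap's code or anything from the incident reports). It assumes Lottie-style JSON, where a string stored under the key "x" is an expression that expression-enabled players evaluate as JavaScript; the function name, host names and sample documents are constructed for illustration.

```javascript
// Added example: audit an animation JSON document before it is served to users.
// Assumption: Lottie-style JSON, where a string under key "x" is an expression
// and asset entries carry their base URL in string fields such as "u".
const SCRIPT_MARKERS =
  /<script|javascript:|\beval\s*\(|\bfetch\s*\(|\bdocument\.|\bwindow\.|XMLHttpRequest/i;

function auditAnimation(doc, allowedHosts = []) {
  const findings = [];
  const walk = (node, path) => {
    if (Array.isArray(node)) {
      node.forEach((v, i) => walk(v, `${path}[${i}]`));
    } else if (node !== null && typeof node === "object") {
      for (const [key, value] of Object.entries(node)) {
        const here = `${path}.${key}`;
        // Any expression is executable content; doodles should not need one.
        if (key === "x" && typeof value === "string") {
          findings.push({ path: here, reason: "expression" });
        }
        walk(value, here);
      }
    } else if (typeof node === "string") {
      if (SCRIPT_MARKERS.test(node)) {
        findings.push({ path, reason: "script-like string" });
      }
      // Absolute or protocol-relative URL pointing at a host we did not review.
      const m = node.match(/^(?:https?:)?\/\/([^\/:?#]+)/i);
      if (m && !allowedHosts.includes(m[1].toLowerCase())) {
        findings.push({ path, reason: `external host ${m[1].toLowerCase()}` });
      }
    }
  };
  walk(doc, "$");
  return findings;
}

// Constructed samples (placeholders, not data from the incident).
const cleanDoodle = {
  v: "5.7.4",
  layers: [{ ty: 4, ks: { o: { a: 0, k: 100 } } }],
  assets: [{ id: "img_0", u: "https://static.example.test/doodles/", p: "clap.png" }],
};
const tamperedDoodle = {
  v: "5.7.4",
  layers: [{ ty: 4, ks: { o: { a: 0, k: 100, x: "var $bm_rt = 100; /* placeholder */" } } }],
  assets: [{ id: "img_0", u: "https://cdn.unreviewed.example/", p: "popup.png" }],
};
console.log(auditAnimation(tamperedDoodle, ["static.example.test"]));
```

A non-empty result should block the file from being published until someone has reviewed it.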
Technical Analysis Reveals Backend Exploit
For everyday users, this is a solid reminder: never connect your wallet just because a random popup tells you to. Always double-check any signature or approval request directly in your wallet before hitting confirm. Make it a habit to review and revoke old token approvals, especially for contracts you don’t recognize. As crypto keeps growing, phishing attacks are only getting trickier, and sometimes they’re hiding in plain sight. Stay sharp.
