CoinMarketCap Hack Leads to Fake Wallet Verification Pop-up, Issue Quickly Resolved

Highlights:

• CoinMarketCap removed the fake wallet pop-up after users flagged it as suspicious activity.
• A doodle image triggered harmful code, leading to a phishing-style wallet verification prompt.
• MetaMask and Phantom flagged the site, warning users not to connect their crypto wallets.

On Friday, CoinMarketCap revealed on X that it had taken down a fraudulent pop-up that asked users to verify their crypto wallets. The team added that investigations are ongoing, and efforts are underway to enhance the platform’s security. This update followed within three hours of users raising concerns about the suspicious notification on social media.

Update: We've identified and removed the malicious code from our site.

Our team is continuing to investigate and taking steps to strengthen our security.

— CoinMarketCap (@CoinMarketCap) June 21, 2025

Malicious Doodle on CoinMarketCap Sparks Major Phishing Scare

In a later update, CoinMarketCap explained that the issue came from a doodle image on its homepage. The image was connected to an outside link that ran unauthorized JavaScript, which caused the fake wallet prompt to appear. 

CoinMarketCap explained:

“Our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage.”

MetaMask and Phantom quickly reacted, warning users and helping them avoid the scam. Another user, Jet, shared that both wallets had immediately flagged the threat to protect users. Several crypto users on X believed it was a phishing scam designed to trick people into revealing their private keys or sensitive details. Such scams often involve hackers using compromised or fake accounts to share links that seem trustworthy. Phantom’s browser extension flagged CoinMarketCap as “unsafe to use.”

🚨 SECURITY ALERT 🚨
We're seeing reports that @CoinMarketCap's front end has been compromised and is trying to trick people into linking their wallets, presumably to drain them. pic.twitter.com/a0JREDSPvS

— Jameson Lopp (@lopp) June 20, 2025

CoinMarketCap confirmed it had removed all harmful scripts and files and added new security measures to stop future attacks.

The data firm stated:

“We’re actively monitoring user feedback and our support team is standing by to ensure all inquiries are promptly addressed. We are committed to maintaining the highest standards of security and transparency, and we thank you for the continued trust of our community”.

CoinMarketCap Breach Highlights Alarming Rise in Crypto Crime

CoinMarketCap, owned by Binance, is a leading crypto platform and is often targeted by bad actors due to its strong reputation. The platform urged users to stay cautious, avoid connecting wallets to random pop-ups, and only trust official sources. While the cause of the breach hasn’t been revealed, CoinMarketCap says it will continue reviewing and strengthening its security. The incident comes almost four years after CoinMarketCap’s October 2021 hack, which exposed over 3.1 million user email addresses.

Illegal crypto use hit $40.9 billion last year, according to Chainalysis. This number could grow as more wallet links are found. Crypto hacks caused $2.2 billion in losses, 21% more than last year. North Korean groups like Lazarus and Tradetraitor did over 60% of these hacks. One major attack was the $300 million theft from Japan’s DMM Bitcoin exchange. But hacks aren’t the only problem. Criminals are also using crypto to hide money from scams, fake romance tricks, drugs, and violence.