CoinMarketCap Hit by Wallet Phishing Attack, $43K Stolen

CoinMarketCap, a top crypto data platform owned by Binance, was briefly compromised over the weekend after a malicious image on its homepage triggered a fake wallet connection prompt. 

The exploit, which involved a front-end supply-chain attack, led to the theft of approximately $43,000 in digital assets from unsuspecting users.

How the Attack Unfolded

The hackers embedded malicious JavaScript code into the homepage doodle image. When visitors loaded the site, this code triggered a fake pop-up that looked identical to the platform’s legitimate wallet connection requests. 

The prompt asked users to “Verify Your Wallet” by connecting popular wallets like MetaMask and Phantom. Once connected, the attackers were able to drain the wallets of their assets.

While the attack lasted only a short period, it was convincing enough to trick at least 110 users. Wallet security extensions flagged the site as suspicious during the incident.

Wider Impact Revealed

Cybersecurity analysts later linked the attack to a known phishing toolset called Inferno Drainer, which specializes in wallet-draining scams. 

The attackers targeted multiple cryptocurrencies, including Ethereum-based tokens, Solana (SOL) , Ripple (XRP), and several smaller ERC-20 tokens.

More than 1,300 wallet connection attempts were recorded, indicating the attack reached a broader user base than first thought.

CoinMarketCap Responded 

In response, CoinMarketCap quickly removed the malicious code and posted a warning on X, urging users not to connect their wallets through the suspicious prompt. 

The platform confirmed all systems are now fully operational and announced comprehensive measures have been put in place to prevent similar attacks in the future.

“We can confirm all systems are now fully operational, and CoinMarketCap is safe and secure for all users,” the company stated. 

How Users Can Protect Themselves

This incident highlights the crucial importance of digital hygiene for cryptocurrency users. Experts advise never connecting wallets through unsolicited pop-ups. Instead, wallet connections should always be initiated through official site navigation or trusted applications.

Regular updates to wallet extensions such as MetaMask and Phantom are essential. The latest versions often include improved threat detection features designed to block malicious activity before it can do harm.

Additionally, users should carefully monitor wallet permissions. Revoking unknown or unnecessary approvals using services like revoke.cash can limit exposure to future scams.

Why This Matters

The CoinMarketCap exploit serves as a reminder that even trusted crypto platforms can be vulnerable to supply-chain attacks. It also highlights the ongoing risks for users who fail to maintain strong security practices.

Explore DailyCoin’s popular crypto news:

Texas Approves Bitcoin Reserves. Here’s What Makes It Different
Trump Family Pulls Back from World Liberty Financial, Forbes Reports

People Also Ask: