On Sunday, crypto news outlet Cointelegraph confirmed that its website was breached by a front-end exploit. Attackers injected a fake pop-up banner claiming to offer “CoinTelegraph ICO Airdrops” and “CTG tokens.”
The message urged visitors to connect their crypto wallets to claim almost $5,500 in new tokens. Cointelegraph warned readers not to click, connect wallets, or enter any personal data.
Fake Giveaway Details
The injected banner stated that readers had been chosen for a giveaway tied to a so-called “fair launch initiative.” It showed a made-up token price and said that security firm CertiK had audited the smart contract.
Both claims were false. The pop-up aimed to trick users into signing transactions that could drain their wallets.
Immediate Warning Issue
In a post on X(Twitter), Cointelegraph urged visitors to ignore the pop-ups. The outlet said it was working to remove the malicious code and restore the normal site interface.
So far, it has not reported any wallet losses or data theft from its users, but the incident highlights the risks of trusting on-screen prompts without verifying their source.
Also Read: Bybit CEO Says 68.57% Of $1.4 B Hacked Funds Traceable, 27.59% Dark And 3.84% Frozen
CoinMarketCap Attack Two Days Earlier
This breach echoes a similar front-end attack on CoinMarketCap just two days before. In that case, visitors encountered pop-ups asking for wallet connections under the guise of site verification.
CoinMarketCap later confirmed that hackers had inserted malicious scripts, which it then removed. Both incidents show how attackers are targeting major crypto platforms.
Exploiting Trusted Platforms
By hijacking well-known sites, attackers hope to bypass user caution. News and data services carry built-in credibility that fake sites lack. When a reader sees a familiar logo and design, they are more likely to trust any prompt, even if it asks for sensitive actions like wallet connections.
These pop-up scams are part of a wider rise in phishing attempts against crypto platforms. According to blockchain intelligence company TRM Labs, 70% of the $2.2 billion taken in cryptocurrency breaches in 2024 came from malware-based attacks and phishing scams. Instead of focusing on serious protocol problems, fraudsters use social engineering.
Massive Data Dump Raises Concerns
Just days before the Cointelegraph attack, researchers revealed a huge leak of more than 16 billion stolen login credentials. The dump included passwords for services such as Google, Telegram, Facebook, and GitHub.
Although that breach did not directly involve Cointelegraph, it illustrates how user data can end up in the hands of cybercriminals.
User Vigilance Is Key
Experts say readers should treat any unexpected on-screen offer with suspicion. Legitimate sites rarely ask for wallet connections through pop-ups.
Instead, users should navigate directly to wallet interfaces or trusted apps when making transactions. Updating browsers and using script-blocking extensions can also reduce exposure to injected code.
Platform Security Measures
Both Cointelegraph and CoinMarketCap have pledged to harden their defences. They plan to review front-end code, tighten content security policies, and monitor for unauthorised changes. Regular audits and bug bounty programs can help catch vulnerabilities before attackers exploit them.
These incidents underscore how the crypto sector faces not only technical threats but also social-engineering risks.
Also Read: ODIN.FUN Co-Founder Bob Bodily Account Gets Hacked, Details Inside