What the CoinMarketCap and Cointelegraph Hacks Mean for Your Crypto Wallet Safety

If you checked crypto prices on CoinMarketCap over the weekend of June 20 to 22, 2025, or browsed Cointelegraph for news, your wallet might have been at risk. Both platforms were compromised in coordinated supply chain attacks that served malicious pop-ups to visitors, attempting to drain connected crypto wallets. In total, 76 CoinMarketCap users lost a combined $21,624.47. Here is what happened and what you need to know to stay safe.

The Basics

Supply chain attacks target the trust relationships between platforms and their third-party dependencies rather than attacking the platform itself. In the CoinMarketCap incident, attackers did not hack CoinMarketCap’s servers. Instead, they compromised a third-party decorative image called a “doodle” that loaded on the homepage through an external API call.

When visitors loaded the CoinMarketCap homepage, their browsers fetched this doodle image as usual. But the API response had been tampered with to include hidden JavaScript code. This code created a realistic-looking pop-up that asked users to connect their crypto wallets. Anyone who clicked “Connect Wallet” and approved the connection had their credentials sent to attacker-controlled servers.

The Cointelegraph breach worked similarly. Attackers compromised the banner advertising system on June 21 to display a fake airdrop promotion that prompted wallet connections. Both attacks were linked to Inferno Drainer, a criminal service that provides ready-made phishing toolkits to scammers.

Why It Matters

These incidents matter because they target the most basic assumption in crypto security: that visiting a legitimate, well-known website is safe. If CoinMarketCap, which is owned by Binance and serves millions of monthly visitors, can be compromised through a third-party widget, then no platform is truly immune.

The attack also highlights a broader vulnerability. As the crypto ecosystem has grown, platforms have increasingly relied on third-party services for advertising, analytics, content delivery, and interactive features. Each of these integrations represents a potential attack surface that is outside the platform’s direct control. Bitcoin was trading at approximately $105,578 on June 23, and Ethereum was near $2,422, meaning that even casual users holding modest amounts of cryptocurrency had meaningful value at stake.

Getting Started Guide

Protecting yourself from supply chain attacks on trusted websites requires a combination of behavioral habits and technical tools. Here is what you should do starting today.

1. Use a hardware wallet for significant holdings. Hardware wallets like Ledger or Trezor store your private keys on a physical device that never exposes them to your computer’s browser. Even if a malicious script runs on CoinMarketCap, it cannot extract your private keys from a hardware wallet. Any transaction requires physical confirmation by pressing a button on the device.

2. Never connect your wallet through unexpected pop-ups. Legitimate platforms will never prompt you to connect your wallet through an overlay or pop-up that appears without you taking an explicit action. If you see a wallet connection prompt that you did not initiate, close the tab immediately.

3. Keep browser wallets locked when not in use. If you use MetaMask, Phantom, or similar browser wallets, keep them locked unless you are actively transacting. A locked wallet cannot be connected by a malicious script without your explicit interaction.

4. Use a dedicated browser profile for crypto activities. Creating a separate browser profile with only your crypto wallet extensions installed reduces the attack surface. Use this profile exclusively for DeFi interactions, and browse general websites in a different profile without wallet extensions.

5. Regularly revoke token approvals. Even if you connected your wallet to a malicious site, the damage can be limited if you revoke approvals promptly. Use tools like Revoke.cash or Etherscan’s token approval checker to review and remove any approvals you do not recognize.

Common Pitfalls

Many crypto users assume that because a website is popular and well-funded, it must be secure. The CoinMarketCap attack disproves this assumption entirely. Supply chain attacks bypass server-side security measures like firewalls and intrusion detection because the malicious code runs in your browser, not on the platform’s servers.

Another common mistake is assuming that “connecting” a wallet is a read-only operation. When you connect your wallet to a website, you grant it varying levels of access depending on what the site requests. A malicious script can request permission to spend your tokens, not just view your balance.

Users also frequently ignore the details of wallet connection prompts. Scammers rely on the fact that most people click through approval screens quickly. Taking five seconds to read what permissions a site is requesting can prevent significant losses.

Next Steps

If you visited CoinMarketCap between June 20 and 22 and connected your wallet through a pop-up, take immediate action. Revoke all token approvals granted during that period, transfer remaining assets to a new wallet address, and consider upgrading to a hardware wallet for future use. For everyone else, treat this incident as a wake-up call to review your wallet security practices. The next trusted website you visit might be the one that gets compromised.

Disclaimer: This article is for educational purposes only and does not constitute financial or security advice. Always conduct your own research and consult with security professionals regarding digital asset protection.