Security Alert: CoinMarketCap Identifies And Eliminates Rogue Wallet Scam

bitcoinistPublished on 2025-06-21Last updated on 2025-06-22

Abstract

CoinMarketCap tackled a security scare on its website this week when a fake popup urged users to “Verify Wallet.” The...

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

CoinMarketCap tackled a security scare on its website this week when a fake popup urged users to “Verify Wallet.” The alert first appeared on Friday, prompting worries that hackers had slipped malicious code into the site. Within about three hours, CoinMarketCap said it had removed the offending script and began a deeper review of its system.

Malicious Popup Hits Site

According to CoinMarketCap’s post on its official X account, the popup was not part of any planned update. Based on reports from users on social media, it asked visitors to connect their wallets and approve ERC‑20 token transactions. That kind of prompt can lead to wallet theft or unwanted transfers if people click through. CoinMarketCap warned everyone not to connect their wallets until the issue was fixed.

Wallet Extensions Sound Alarm

MetaMask and Phantom, two popular browser‑based crypto wallets, flagged the page as unsafe almost immediately. A crypto user noted that Phantom’s extension showed a warning stating the site was “unsafe to use.” Those built‑in alerts likely saved many users from falling for the scam, since both wallets routinely check for suspicious code before letting you sign any requests.

Image: CoinMarketCap

User Data At Risk

Based on reports from crypto community members, the popup specifically asked for approvals that could give hackers control over tokens in affected wallets. Phishing scams like this thrive on tricking users into handing over private keys or signing away permissions. CoinMarketCap’s quick action stopped the popup, but it serves as a reminder that even top sites can be targets.

Total crypto market cap currently at $3.17 trillion. Chart: TradingView

Past Security Breach Looms

This isn’t the first time CoinMarketCap has faced a breach. Back in October 2021, hackers stole over 3 million email addresses from the site. Those emails later appeared on hacking forums and were flagged by Have I Been Pwned. Now, almost four years later, a new attack vector—injecting code rather than stealing data—shows how threats keep changing.

Image: South African Business Integrator

Calls For Stronger Security

CoinMarketCap said its team is “continuing to investigate and taking steps to strengthen our security.” It did not share a full timeline for its audit, but noted that users should stay alert for any future alerts on X or other channels. Security experts say adding multi‑factor checks on code changes and regular scans for injected scripts can cut down on risks.

Advice For Crypto Users

Experts recommend that users treat any unexpected “connect wallet” prompt with suspicion, even on trusted sites. Using hardware wallets or browser extensions that clearly list requested permissions can help you spot shady prompts. Keeping your browser and wallet software up to date is equally key. In the fast‑moving world of crypto, personal caution remains one of the best defenses.

Featured image from Bleeping Computer, chart from TradingView

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Christian, a journalist and editor with leadership roles in Philippine and Canadian media, is fueled by his love for writing and cryptocurrency. Off-screen, he's a cook and cinephile who's constantly intrigued by the size of the universe.

Related Reads

Apple Sues OpenAI Sparking Feud, Musk Slams Altman for Fraud, Altman Retorts with 'Space Data Center' Boast

Apple Sues OpenAI as Musk-Altman Feud Escalates The public feud between Elon Musk and OpenAI CEO Sam Altman intensified, coinciding with their respective AI companies launching flagship models in the same week, highlighting fierce competition. On July 11, Musk posted on X, accusing Altman of taking "fraud to the next level" regarding OpenAI's commercial practices. Altman fired back, sarcastically suggesting Musk was the one selling "short-term space datacenter" concepts to public market investors. Musk countered with allegations that Altman "stole an open-source AI charity" and, amid Apple's recent lawsuit, "stole all of Apple's phone tech." He mockingly referenced Altman needing a "parole officer's" approval to travel. This exchange occurred against the backdrop of a significant legal development: Apple filed a lawsuit against OpenAI in a California federal court, alleging the AI company deliberately solicited Apple employees to leak confidential information on unreleased products to aid its own hardware plans. Apple demands OpenAI cease this activity, destroy proprietary materials, and redesign upcoming products. OpenAI responded, stating it has no interest in other companies' trade secrets and remains focused on innovation. This lawsuit could profoundly impact their two-year partnership where OpenAI provides key tech for Apple Intelligence and Siri. The rivalry extended to product releases. OpenAI launched GPT-5.6, while Musk's SpaceXAI unveiled Grok 4.5. Both are positioned as AI agents capable of multi-step tasks. GPT-5.6 is noted for strengths in broad reasoning, business workflows, and cybersecurity. Grok 4.5 is highlighted for higher efficiency in autonomous programming and developer workflows, with lower usage costs than GPT-5.6, though OpenAI's model reportedly still leads in areas like abstract reasoning. The differing strengths offer distinct choices for enterprises and developers based on their specific needs.

marsbit38m ago

Apple Sues OpenAI Sparking Feud, Musk Slams Altman for Fraud, Altman Retorts with 'Space Data Center' Boast

marsbit38m ago

Robinhood Chain's Success Proves Ethereum is Not Dead

Robinhood Chain's success demonstrates that Ethereum's L1+L2 model is thriving, not dying. Traditional crypto projects often focused on token sales and chose infrastructure to maximize token value. However, real-world businesses building cash-based products make different, pragmatic choices. When launching its chain, Robinhood chose Ethereum as its base layer and built a custom L2 using Arbitrum technology. It uses Ethereum blobs for data availability, ETH for gas, and relies on Ethereum for security. This mirrors Coinbase's earlier decision to build Base as an Ethereum L2. These are not ideological choices but sound business decisions driven by needs for security, liquidity, control, and predictable economics. The shift in the industry is from "token-centric" models to "cash business" models. Real companies serving broad user bases prioritize risk reduction, product improvement, and profit. For them, blockchain is infrastructure. The Ethereum L1+L2 "barbell" structure is ideal: the highly decentralized, neutral, and liquid L1 for settlement and security, combined with customizable, high-performance L2s for execution. This trend is positive for Ethereum and ETH. As more real businesses build on it, ETH becomes more integrated, distributed, and useful, strengthening its network effects and monetary premium. Robinhood's path—starting on an existing L2 and graduating to a dedicated one—is likely to become a standard playbook, proving the enduring utility of Ethereum's layered architecture for serious commercial adoption.

Odaily星球日报56m ago

Robinhood Chain's Success Proves Ethereum is Not Dead

Odaily星球日报56m ago

Tencent Heavily Invests in an IPO

"Tencent-Backed DPU Unicorn Leopard Cloud Intelligence Files for IPO on Shenzhen's ChiNext Board" Leopard Cloud Intelligence, a Shenzhen-based developer of Data Processing Unit (DPU) chips, has officially applied for an IPO on the ChiNext Board, aiming to become China's first publicly listed DPU company. Founded in August 2020 by Dr. Xiaoyang Xiao, a Stanford PhD graduate and serial entrepreneur who previously co-founded chip company RMI (acquired by Broadcom), the company focuses on the high-growth DPU sector. Its development accelerated following NVIDIA's formal introduction of the DPU concept in late 2020. The company has developed China's first high-performance, general-purpose programmable DPU SoC chip, boasting 400Gbps network bandwidth and claiming significant performance improvements and power savings over traditional solutions. Financially, Leopard Cloud's revenue grew exponentially from RMB 170,000 in 2023 to RMB 370 million in 2025, yet it remains unprofitable with substantial net losses. Its IPO application utilizes ChiNext's recently introduced fourth set of listing standards, which emphasize R&D and market valuation over short-term profitability. Tencent is the company's most significant backer and largest shareholder, holding a 19.78% stake after participating in multiple funding rounds. Other prominent investors include Sequoia Capital China, Shenzhen Capital Group, Five Dimensions Capital, and various government-guided funds from Shenzhen and Hangzhou. Pre-IPO, the company was valued at over RMB 14 billion. This listing is seen as a milestone for Shenzhen's semiconductor industry, complementing the recent successful IPO review of Yuexin Semiconductor (a Guangzhou-based wafer manufacturer) and signaling a wave of high-end hardware technology companies from the Greater Bay Area going public on the ChiNext Board.

marsbit1h ago

Tencent Heavily Invests in an IPO

marsbit1h ago

Trading

Spot
活动图片