Investigation in Progress: CoinMarketCap Eliminates Deceptive Wallet Prompt
In mid-June 2025, reports of suspicious activity on CoinMarketCap's site circulated on social media. The incident, it appears, was a targeted phishing attack designed to steal crypto assets through deceptive wallet verification requests.
The attackers exploited a vulnerability on CoinMarketCap's website, injecting malicious code that displayed a phishing popup prompting users to "Verify Wallet." This deceptive alert mimicked legitimate security verification and asked users to connect their crypto wallets and grant permissions to access ERC-20 tokens.
The malicious popup was identified as a potential phishing attempt by several crypto users and was flagged as "potentially deceptive" by the MetaMask wallet extension. Despite the short duration (a few hours), over 110 users lost approximately $45,000 in assets due to this breach.
CoinMarketCap responded swiftly, issuing warnings on their official social media channels and advising users not to interact with the popup or connect their wallets. They identified and removed the malicious code within about three hours of detection. The platform's security team is conducting an ongoing investigation to determine the full scope and origin of the breach, with plans to release further updates.
Experts emphasise the importance of vigilance, urging users to verify links, avoid unsolicited wallet connection requests, and use hardware wallets or multi-factor authentication. Users should never connect their wallets or approve token permissions in response to unsolicited popups or messages on crypto platforms, especially those asking for wallet verification.
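To make "approving token permissions" concrete, the following added example (not from CoinMarketCap or any wallet vendor) decodes the calldata of a pending wallet request and refuses ERC-20 allowance grants to spenders the user has not vetted. It assumes the permission request is a standard `approve` call or the common non-standard `increaseAllowance` extension; the function names, the verdict strings and the sample spender address are constructed for illustration.

```javascript
// Added example. Keys are the 4-byte function selectors (first 4 bytes of the
// keccak256 hash of the signature) for calls that grant an ERC-20 allowance.
const ALLOWANCE_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode the calldata of a pending wallet request (hex string, optional 0x).
function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) return { kind: "invalid" };
  const fn = ALLOWANCE_SELECTORS[hex.slice(0, 8)];
  if (!fn) return { kind: "other" };
  const args = hex.slice(8);
  // Two 32-byte ABI words: spender (address left-padded with zeros), amount.
  if (args.length < 128 || args.slice(0, 24) !== "0".repeat(24)) {
    return { kind: "malformed", fn };
  }
  const amount = BigInt("0x" + args.slice(64, 128));
  return {
    kind: "allowance",
    fn,
    spender: "0x" + args.slice(24, 64),
    amount,
    unlimited: amount === MAX_UINT256, // spender could move the whole balance
  };
}

// Policy (assumed for this example): an allowance is acceptable only for a
// spender the user has vetted out of band; unlimited grants are still flagged.
function verdict(data, trustedSpenders = []) {
  const r = inspectCalldata(data);
  if (r.kind === "invalid" || r.kind === "malformed") return "reject";
  if (r.kind === "other") return "not-an-allowance";
  const trusted = trustedSpenders.map((s) => s.toLowerCase()).includes(r.spender);
  if (!trusted) return "reject";
  return r.unlimited ? "warn-unlimited" : "allow";
}

// Constructed sample: approve(0x1111...1111, 2^256 - 1), i.e. an unlimited grant.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_APPROVE =
  "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
```

A request that decodes to `allowance` for an unknown spender is the pattern to refuse, whatever label the popup puts on it.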
The incident underscores the vulnerability of even major crypto platforms to sophisticated phishing and malware attacks. It highlights the necessity for continuous security audits, tighter control over third-party content, and enhanced user education to prevent such scams in the future.
CoinMarketCap's swift removal of the malicious code and clear communication helped mitigate damage and reinforced the importance of proactive security measures on high-traffic crypto websites. The domain of the CoinMarketCap site had been added to blocklists maintained by SEAL (Security Alliance), ChainPatrol, and MetaMask.
This article is provided for informational purposes only. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions. The article does not mention any crypto positions or assets held by Michaela.
- The security incident on CoinMarketCap's site, which involved a phishing popup related to wallet verification, underscores the importance of cybersecurity in the fintech industry, particularly in crypto platforms that utilize technology for transactional purposes.
- The malicious popup on CoinMarketCap's site, which mimicked a security verification and sought to steal crypto assets, emphasizes the need for enhanced user education about phishing and malware threats in the cybersecurity environment.
- The ongoing investigation by CoinMarketCap's security team, aimed at determining the full scope and origin of the security breach, underscores the need for continuous security audits and tighter control over third-party content on high-traffic crypto websites to prevent similar incidents in the future.