CoinMarketCap, a cryptocurrency price-tracking website, confirmed that it removed malicious scripts that launched a wallet verification scam. The scripts displayed an illegitimate pop-up on the official website interface asking users to verify their crypto wallets.
The security team responded after several crypto users on X (formerly Twitter) posted about the strange wallet verification pop-up. The team later removed the malicious pop-up and confirmed that it is still working to identify where it originated and what it affected.
The pop-up's false message asked users to connect their wallets and then to grant ERC-20 token approvals. This is an all-too-common scam, known in the industry as phishing, in which attackers trick victims into giving up access to private keys or funds.
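An added example (not code from CoinMarketCap or any wallet vendor) of a check that can be run on a pending transaction before signing: it decodes ERC-20 approve calldata and reports who would be allowed to spend and how much. The sample calldata, the placeholder spender address and the trusted-spender list are constructed, and warning on an unlimited allowance is an assumption about what to flag, not a detail from the report.

```javascript
// Added example: inspect ERC-20 approve(spender, amount) calldata before signing.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

function inspectApproval(calldataHex, trustedSpenders = []) {
  const hex = String(calldataHex).toLowerCase().replace(/^0x/, "");
  // Selector (4 bytes) + two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex)) {
    return { isApproval: false, reason: "not a well-formed approve call" };
  }
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) {
    return { isApproval: false, reason: "different function selector" };
  }
  const spenderWord = hex.slice(8, 72);
  // An address is right-aligned in its word; the upper 12 bytes must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) {
    return { isApproval: false, reason: "malformed spender word" };
  }
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72, 136));
  const warnings = [];
  if (amount === MAX_UINT256) warnings.push("unlimited allowance");
  if (!trustedSpenders.map((a) => a.toLowerCase()).includes(spender)) {
    warnings.push("spender not in trusted list");
  }
  return { isApproval: true, spender, amount, warnings };
}

// Constructed sample: placeholder spender, maximum amount.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_CALLDATA =
  "0x" + APPROVE_SELECTOR + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);

const report = inspectApproval(SAMPLE_CALLDATA, []);
console.log(report.spender, report.warnings);
```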
Some users feared that hackers had taken control of the site or embedded code posing as official CoinMarketCap tools. Phantom Wallet users said they received notifications that the site isn’t safe, which blocked them from interacting with the malicious content.
CoinMarketCap warns users to stay alert
Both MetaMask and Phantom, two well-established digital asset wallet providers, soon took notice of the scam and informed their communities. Phantom’s browser extension displayed a red warning label stating that CoinMarketCap’s domain could be unsafe for users.
CoinMarketCap also warned users not to click on any wallet prompts, saying that its technical team is actively investigating and adding protective layers. Its public statement came hours after the initial reports on social media, indicating a prompt effort to correct and manage the situation.
The event recalled an earlier large data breach that affected CoinMarketCap in October 2021. At that time, hackers leaked over 3.1 million user email addresses and resold them on dark-market hacking communities. The data breach first came to light through “Have I Been Pwned,” an internet service that tracks leaked information.
CoinMarketCap has now removed the scam pop-up, but users should still be careful with wallet verification prompts. The website said it is still investigating and will share more information once it confirms the scope.