21.06.2025 01:55

On June 20th, 2025, a significant security breach targeted CoinMarketCap, a prominent cryptocurrency data aggregator. The attack manifested as unauthorized pop-up messages demanding users verify their cryptocurrency wallets, prompting immediate concerns within the crypto community. These malicious pop-ups hijacked the platform's frontend, misleading users into potentially compromising their digital assets.

Further investigation by Coinspect Security revealed the source of the breach. A vulnerability in CoinMarketCap's backend API, specifically within its rotating "doodles" feature, was exploited. Malicious JavaScript code was injected via manipulated JSON payloads delivered through this API. The inconsistent nature of the doodles meant not every user encountered the attack, highlighting the sophisticated and targeted nature of the exploit. This injection leveraged the Lottie animation format, a commonly used JSON-based animation file, underscoring the potential vulnerability of this widely adopted technology.

CoinMarketCap swiftly responded to the incident, acknowledging the compromised frontend and explicitly warning users against connecting their wallets. Their ongoing investigation aims to fully understand the extent of the breach and implement comprehensive security measures. The company's proactive communication reassured users and underscored their commitment to resolving the issue.

Interestingly, this wasn't an isolated incident. On the same day, another prominent cryptocurrency website, as reported by Crypto Briefing, experienced a similar attack. Though distinct from the CoinMarketCap breach, it involved a deceptive "exclusive airdrop" pop-up, also attempting to trick visitors into connecting their wallets. This parallel incident highlights a wider potential vulnerability within the cryptocurrency ecosystem, prompting calls for heightened security awareness and proactive mitigation strategies across the industry. The investigation into both incidents continues, with lessons to be learned regarding the security of backend APIs and the potential for exploitation of widely-used animation formats.