23.06.2025 13:07

Cybercriminals have shifted their tactics, moving beyond targeting cryptocurrency exchanges to compromising high-traffic informational websites. This significant change in strategy was recently highlighted by incidents affecting CoinMarketCap and Cointelegraph, two prominent sources of cryptocurrency news and data. Both platforms fell victim to sophisticated attacks leveraging malicious JavaScript code injected through their advertising infrastructure.

The attacks involved cunningly disguised banner ads, mimicking legitimate ad platforms like AdButler, to surreptitiously deliver harmful scripts. Security researchers, using tools such as Scam Sniffer, traced the malicious code back to these deceptive advertisements, exposing the sophisticated nature of the attacks. This evolution underscores the increasingly sophisticated and adaptable nature of crypto-related scams.

This recent wave of attacks follows a concerning trend. After previously concentrating efforts on directly compromising exchanges and trading platforms to steal user funds, malicious actors are now focusing on influential information websites to reach a broader audience of daily users. Binance CEO, Changpeng Zhao (CZ), publicly acknowledged this concerning trend, emphasizing the need for heightened user vigilance, particularly when prompted to authorize wallet connections. His warning came on the heels of another significant event: the theft of $82 million from Iranian cryptocurrency exchange Nobitex just the previous week.

Specifically, the CoinMarketCap breach, occurring on June 20th, 2025, involved a front-end compromise resulting in a fraudulent wallet connection request appearing on the homepage. The source of the vulnerability was identified as a compromised doodle image containing malicious JavaScript. This image, through an API call, triggered the deceptive pop-up, temporarily disrupting the platform's functionality. CoinMarketCap's swift response included a public acknowledgment of the vulnerability and a commitment to reimbursing affected users. Preliminary blockchain analysis revealed 39 victims, suffering a combined loss of approximately $18,570 – all of which were subsequently reimbursed by CoinMarketCap. CZ's tweet, issued two days after the incidents, served as a stark reminder of the ever-evolving landscape of cryptocurrency security threats and the importance of constant caution.