Crypto news outlet Cointelegraph has confirmed that its website was compromised in a front-end exploit used to promote a fraudulent token airdrop and steal from users.
It said in a statement on X on Sunday night that they were aware of the “fraudulent pop-up” and were “actively working on a fix”.
“Do not click on these pop-ups, connect your wallets [or] enter any personal information,” it warned.
Decrypt has approached Cointelegraph for comment.
The pop-up falsely claims users have been selected for a giveaway of a new token, purportedly part of a "fair launch initiative" by Cointelegraph to reward loyal readers.
It displayed a fabricated token price and promised users over $5,500 worth of tokens if they connected their crypto wallets. It also claimed security firm CertiK had audited the smart contract.
The method used mirrors a similar front-end attack on the price aggregator CoinMarketCap, which occurred just two days prior.
In that case, visitors to the site saw pop-ups requesting wallet connections for verification purposes. CoinMarketCap later confirmed malicious code had been injected into the site and it was removed.
Both incidents represent a growing wave of phishing attacks targeting crypto platforms via compromised user interfaces.
In these scams, victims are lured into connecting wallets under false pretenses—such as receiving tokens or confirming identity—and then see their accounts drained by the attacker.
According to blockchain intelligence firm TRM Labs, phishing schemes and malware-based infrastructure attacks made up 70% of the $2.2 billion stolen in crypto-related hacks in 2024.
The Cointelegraph attack comes just days after security researchers disclosed a massive data dump containing over 16 billion stolen login credentials, including access to accounts on platforms like Google, Telegram, Facebook, and GitHub.
The trove was likely assembled from infostealer malware, credential stuffing, and prior leaks.
Edited by Sebastian Sinclair
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
