Close Menu
    News

    Cointelegraph Website Hacked in Fake Token Airdrop Scam

    Cointelegraph website was hacked with fake token airdrop pop-ups following similar CoinMarketCap attack, highlighting growing crypto phishing threats.
    Trader EdgeBy 3 Mins Read

    TLDR

    • Cointelegraph website compromised by front-end exploit showing fake CTG token airdrop pop-ups promising $5,500 worth of tokens
    • Attackers used fraudulent CertiK audit claims to make the scam appear legitimate and trick users into connecting wallets
    • Similar attack hit CoinMarketCap just two days earlier using identical phishing tactics
    • Both incidents part of growing wave of crypto platform compromises that hijack trusted sites to bypass user suspicion
    • Phishing schemes and malware attacks accounted for 70% of $2.2 billion stolen in crypto hacks during 2024

    Major crypto news outlet Cointelegraph confirmed its website was compromised Sunday in a front-end exploit that displayed malicious pop-ups to visitors. The attack targeted users with fake token giveaways designed to steal cryptocurrency from connected wallets.

    Source: Cointelegraph

    The fraudulent banner claimed to offer “CoinTelegraph ICO Airdrops” and “CTG tokens” worth nearly $5,500 to users. Attackers presented the scheme as a legitimate “fair launch initiative” to reward loyal readers of the crypto news platform.

    The pop-up included fabricated token pricing information and falsely cited a security audit from CertiK to add credibility. Users were prompted to connect their crypto wallets to claim the supposed rewards, which would have given attackers access to drain funds.

    Cointelegraph quickly issued warnings on social media platform X, telling users not to interact with the pop-ups. “Do not click on these pop-ups, connect your wallets, or enter any personal information,” the company stated while confirming they were working on a fix.

    The attack method mirrors an identical exploit that hit CoinMarketCap just two days earlier. In that incident, visitors saw similar wallet connection prompts disguised as verification requests before the malicious code was identified and removed.

    Both attacks represent part of a broader trend of cybercriminals targeting crypto platforms through compromised user interfaces. The tactics exploit the trusted nature of established websites to bypass typical user skepticism about suspicious links or offers.

    Growing Threat to Crypto Platforms

    These front-end exploits have become increasingly common as attackers seek new ways to access cryptocurrency holdings. The method involves injecting malicious code into legitimate websites that users already trust and visit regularly.

    Victims typically connect their wallets believing they are claiming rewards or completing verification processes. Once connected, attackers can immediately drain funds from the compromised accounts through automated smart contracts.

    The timing of both attacks suggests coordinated efforts by the same threat actors. Security researchers have noted the identical presentation and messaging used across both the Cointelegraph and CoinMarketCap incidents.

    According to blockchain intelligence firm TRM Labs, phishing schemes and malware-based attacks made up 70% of the $2.2 billion stolen in cryptocurrency-related hacks throughout 2024. These statistics highlight the scale of the ongoing threat to crypto users and platforms.

    Recent Security Breaches

    The Cointelegraph attack occurred just days after security researchers disclosed a massive data dump containing over 16 billion stolen login credentials. The breach included access to accounts on major platforms like Google, Telegram, Facebook, and GitHub.

    Researchers believe the credential trove was assembled through infostealer malware, credential stuffing attacks, and previous data leaks. This type of stolen information often enables subsequent attacks on crypto platforms and user accounts.

    The combination of compromised credentials and front-end exploits creates multiple attack vectors for cybercriminals. Users may face threats both from their stored login information and from visiting compromised websites they previously trusted.

    Both Cointelegraph and CoinMarketCap have since removed the malicious code from their websites and restored normal operations.

    Avatar photo

    📈 Futures & Crypto Trader 🔍 Sharing charts, strategies, & mindset tips to help you level up 🚨 Not Financial Advice Follow on X @Pro_Trader_Edge

    Related Posts

    BC Game Crypto: 100% Bonus & 400 Free Casino Spins, Claim Here!