Cointelegraph, CoinMarketCap Front-End Hacks Push Fake Token Airdrops

• Both Cointelegraph and CoinMarketCap have suffered front-end compromises that delivered fraudulent pop-ups to users.
• These incidents reinforce the need for ongoing vigilance from both platforms and users, especially as attackers use more sophisticated methods.
• In May 2025 alone, over $240 million was lost to crypto hacks.

Two leading crypto websites, Cointelegraph and CoinMarketCap, have confirmed separate but similar front-end hacks that are exposing users to fraudulent airdrop scams and malicious code.

The news comes as 2025 continues to be a testing time for the crypto industry, with losses totaling over $240 million in May alone.

Cointelegraph Hack

In the early hours of Monday, June 23, leading crypto publication Cointelegraph posted a warning about a fraudulent pop-up on its website.

The publication’s banner publishing system was reportedly “briefly compromised on June 21,” which resulted in an advert promoting a fake token airdrop to be shown to users.

“We are aware of a fraudulent pop-up falsely claiming to offer ‘CoinTelegraph ICO Airdrops’ or ‘CTG tokens’ that are appearing on our site,” the company said in an official statement on X.

The publication warned users against connecting their wallets to any pop-ups on the site, as well as refraining from entering any personal information.

After several hours following its first warning, Cointelegraph announced its team had “identified and resolved the issue by removing unauthorized code that briefly affected our system.”

The publication claimed it had “strengthened” its security controls to prevent any future security breaches.

CoinMarketCap Breach

Just a day earlier, on June 20, CoinMarketCap also acknowledged a front-end breach tied to a seemingly harmless homepage graphic.

According to the company, a “doodle image” displayed on its homepage contained a malicious link that exploited an API vulnerability.

When loaded, the image triggered an unexpected pop-up for some users.

The company claimed that its security team had acted quickly and immediately removed the problematic content.

It added that it had “identified the root cause” and implemented comprehensive measures “to isolate and mitigate the issue.”

The platform confirmed that all systems are now “fully operational” and emphasized that no deeper compromise had occurred.

Crypto Hacks Growing

These two incidents come as the complexity of phishing and scam operations in crypto continues to rise to worrying heights.

By compromising the front-end elements of well-known platforms, attackers can reach users with highly convincing interfaces in broad daylight.

In May 2025, 20 major crypto hacks were recorded, resulting in over $240 million in total losses. This marked a 39.29% decrease from April, which saw over $340 million stolen through crypto hacks.

The majority of crypto scams have been achieved through a mixture of targeted sophisticated scams and exploiting system vulnerabilities.

Last week, the Justice Department announced it had seized the largest-ever amount of crypto linked to “pig butchering” scams.

In a civil forfeiture action, prosecutors seized over $225 million in crypto, which reportedly could be traced to more than 400 victims worldwide.

“This seizure of $225.3 million in funds linked to cryptocurrency investment scams marks the largest cryptocurrency seizure in U.S. Secret Service history,” said U.S. Secret Service Shawn Bradstreet.