On June 21, 2025, the CoinMarketCap platform, one of the leading services for monitoring cryptocurrency prices, fell victim to a large-scale hacker attack. The attackers managed to breach the site’s frontend and injected malicious code, resulting in users being shown a phishing pop-up window prompting them to “confirm their wallet.”
This is reported by Finway
Incident Details and User Warnings
According to information from the Scam Sniffer project, the compromise of the CoinMarketCap site allowed hackers to display a fake message, urging users to connect their cryptocurrency wallets and confirm transactions involving ERC-20 tokens. This posed a serious threat to the security of users’ assets, as such actions could lead to the loss of access to personal funds.
“We are aware of the appearance of a malicious pop-up window on our site asking to ‘Confirm Wallet.’ DO NOT connect your wallet. The team is actively investigating the situation and working to resolve the issue.”
CoinMarketCap’s Response and Next Steps
Following the prompt response from the CoinMarketCap team, the malicious code was removed from the site, and the investigation into the incident is ongoing. Representatives of the platform stated that they are taking additional measures to enhance security and prevent similar attacks in the future.
It is worth noting that there has been a recent increase in the activity of hacker groups associated with North Korea. In particular, Famous Chollima has recently intensified attacks on representatives of the crypto sphere using new malware called PylangGhost, which is aimed at data theft.
Experts urge users of cryptocurrency services to be especially cautious, not to connect wallets to suspicious sites, and to always verify the authenticity of received messages.