Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/cointelegraphwebsitectgfairtokenairdropphishing.php}} {{Unattributed Sources}} CoinTelegraph Logo/HomepageCointelegraph, a prominent cryptocurrency and blockchain news outlet, suffered a security breach involving malicious JavaScript injected through a third-party advertising service called "AdButler" on the domain adbutlerserve.com. The attack was trace..."

2025-07-25T23:49:45Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/cointelegraphwebsitectgfairtokenairdropphishing.php}} {{Unattributed Sources}} thumb|CoinTelegraph Logo/HomepageCointelegraph, a prominent cryptocurrency and blockchain news outlet, suffered a security breach involving malicious JavaScript injected through a third-party advertising service called "AdButler" on the domain adbutlerserve.com. The attack was trace..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/cointelegraphwebsitectgfairtokenairdropphishing.php}}
{{Unattributed Sources}}

[[File:Cointelegraph.jpg|thumb|CoinTelegraph Logo/Homepage]]Cointelegraph, a prominent cryptocurrency and blockchain news outlet, suffered a security breach involving malicious JavaScript injected through a third-party advertising service called "AdButler" on the domain adbutlerserve.com. The attack was traced to the company's banner publishing system, which was briefly compromised. Although Cointelegraph acknowledged the issue and removed the malicious advertisement, it has not provided details on who was affected, the extent of the damage, or any ongoing investigation, nor has it offered support to potential victims of the phishing incident.<ref name="slowmistteamtweet-20379" /><ref name="realscamsniffertweet1-20380" /><ref name="realscamsniffertweet2-20381" /><ref name="realscamsniffertweet4-20382" /><ref name="cointelegraphtweet-20383" /><ref name="cointelegraphtweet1-20384" /><ref name="cointelegraphabout-20056" /><ref name="cointelegraphlinkedin-20057" /><ref name="cointelegraphchinese-20058" /><ref name="employbl-20059" /><ref name="pitchbook-20060" /><ref name="signalhire-20061" /><ref name="muckrack-20062" /><ref name="cryptocurrencyreddit-20063" />

== About CoinTelegraph ==
Founded in 2013, Cointelegraph is a privately held company specializing in cryptocurrency, blockchain, and fintech news. Cointelegraph is a leading independent digital media outlet. It delivers daily news, in-depth analysis, and educational content across various topics, including Bitcoin, Ethereum, decentralized finance (DeFi), non-fungible tokens (NFTs), and Web3. The platform is recognized for its comprehensive coverage, featuring expert opinions, price charts, and reports on the social impact of digital currencies.

Headquartered in the United States, Cointelegraph has expanded its presence internationally, with teams in over 30 countries. The company publishes more than 1,000 articles monthly and offers a range of resources, such as a mobile app, video content, and educational materials like "Cryptopedia" . Despite its prominence, Cointelegraph has faced criticism over the years for occasional inaccuracies and sensational headlines, which have led to discussions about its editorial practices within the crypto community.

In addition to its U.S. headquarters, Cointelegraph has expanded its global presence with offices in various countries, including China, Japan, South Korea, and the United Arab Emirates.
== About CoinTelegraph ICO - Airdrop ==
"You've been randomly selected for our CoinTelegraph (CTG) token fair distribution, as part of our community rewards program."

CoinTelegraph Token CTG ERC-20 50,000 CTG (~$5,490 USD) Your airdrop allocation Expires in 04:13. Wallet Connected. Processing Claim...

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
Cointelegraph experienced a phishing exploit through compromised third-party ad code, briefly affecting its banner system.
{| class="wikitable"
|+Key Event Timeline - CoinTelegraph Website CTG Fair Token Airdrop Phishing
!Date
!Event
!Description
|-
|June 22nd, 2025 4:41:51 PM MDT
|Real Scam Sniffer Blocked
|Real Scam Sniffer reports that their data indicates the threat on the CoinTelegraph website was detected and blocked at this time. A screenshot of a blocked page is included.
|-
|June 22nd, 2025 7:15:00 PM MDT
|Real Scam Sniffer Warning
|Real Scam Sniffer warns that the front-end of CoinTelegraph has been compromised. They include a screenshot of an airdrop giveaway.
|-
|June 22nd, 2025 7:30:00 PM MDT
|CoinTelegraph Confirms Awareness
|CoinTelegraph confirms being aware of the pop-up showing up on the website, and warns visitors not to click on the pop-up or connect any wallet addresses. They are "actively working on a fix".
|-
|June 22nd, 2025 9:17:00 PM MDT
|Warning Reposted By SlowMist
|The warning is reposted by SlowMist.
|-
|June 23rd, 2025 3:16:00 AM MDT
|CoinTelegraph Security Update
|CoinTelegraph posts an update to notify the community that the team has "identified and resolved the issue by removing unauthorized code that briefly affected our system". They have also "strengthened [thei]r security controls to prevent any similar occurrences in the future".
|}

== Technical Details ==
Visitors of CoinTelegraph were greeted with a pop-up advertisement which claimed they had been randomly selected to receive a free airdrop of new CTG tokens, with a reported value of $5,490 USD. The user was prompted to connect their wallet, which would likely be drained.

According to analysis from realScamSniffer, there was compromised JavaScript code coming from a third-party advertising software called "AdButler" on domain "adbutlerserve.com".

It's unclear if the advertising partner was compromised, or CoinTelegraph was tricked into applying JavaScript code which is from a fake advertising company. CoinTelegraph has attributed the failure to their "banner publishing system" being "briefly compromised".

== Total Amount Lost ==
It is unknown how many people fell victim to the CoinTelegraph website phishing.

The total amount lost is unknown.

== Immediate Reactions ==
After widespread detection and coverage, CoinTelegraph published a notice that they were aware of the issue on their website and working on a resolution.

== Ultimate Outcome ==
CoinTelegraph was ultimately able to remove the malicious advertisement, and subsequently posted an update to that effect.

== Total Amount Recovered ==
CoinTelegraph has not publicly offered any assistance for those affected.

There do not appear to have been any funds recovered in this case.

== Ongoing Developments ==
There is no clarity regarding who was affected by the incident, or what was lost. It is unclear if any investigation is continuing.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="slowmistteamtweet-20379">[https://twitter.com/SlowMist_Team/status/1936987043428761689 SlowMist Team - "SlowMist TI Alert @Cointelegraph's frontend has been compromised. Stay vigilant!" - Twitter/X] (Accessed Jun 23, 2025)</ref>

<ref name="realscamsniffertweet1-20380">[https://twitter.com/realScamSniffer/status/1936956218423320916 realScamSniffer - "CoinTelegraph's frontend has been compromised. Please be cautious." - Twitter/X] (Accessed Jun 23, 2025)</ref>

<ref name="realscamsniffertweet2-20381">[https://twitter.com/realScamSniffer/status/1936956235095711797 realScamSniffer - "According to our data, we blocked this threat at approximately "2025-06-22T22:41:51.050Z"." - Twitter/X] (Accessed Jun 23, 2025)</ref>

<ref name="realscamsniffertweet4-20382">[https://twitter.com/realScamSniffer/status/1936956908533105089 realScamSniffer - "The malicious JS code appears to come from Cointelegraph's advertising system." - Twitter/X] (Accessed Jun 23, 2025)</ref>

<ref name="cointelegraphtweet-20383">[https://twitter.com/Cointelegraph/status/1937077253373866301 CoinTelegraph - "Cointelegraph’s banner publishing system was briefly compromised on June 21, resulting in a malicious advertisement promoting a fake token airdrop on our website. The team identified and resolved the issue by removing unauthorized code that briefly affected our system. We have strengthened our security controls to prevent any similar occurrences in the future." - Twitter/X] (Accessed Jun 23, 2025)</ref>

<ref name="cointelegraphtweet1-20384">[https://twitter.com/Cointelegraph/status/1936959898094583916 "ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site." - Twitter/X] (Accessed Jun 23, 2025)</ref>

<ref name="cointelegraphabout-20056">[https://cointelegraph.com/about About CoinTelegraph] (Accessed Jun 9, 2025)</ref>

<ref name="cointelegraphlinkedin-20057">[https://www.linkedin.com/company/cointelegraph CoinTelegraph LinkedIn] (Accessed Jun 9, 2025)</ref>

<ref name="cointelegraphchinese-20058">[https://cointelegraph.com/news/cointelegraph-announces-chinese-hq-bolstering-its-international-expansion Cointelegraph Announces Chinese HQ, Bolstering Its International Expansion - CoinTelegraph] (Accessed Jun 9, 2025)</ref>

<ref name="employbl-20059">[https://www.employbl.com/companies/Cointelegraph/office-locations CoinTelegraph Office Locations - Employbl] (Accessed Jun 9, 2025)</ref>

<ref name="pitchbook-20060">[https://pitchbook.com/profiles/company/101170-54 Cointelegraph Company Profile 2024 - Pitchbook] (Accessed Jun 9, 2025)</ref>

<ref name="signalhire-20061">[https://www.signalhire.com/companies/cointelegraph Cointelegraph Overview - SignalHire Company Profile] (Accessed Jun 9, 2025)</ref>

<ref name="muckrack-20062">[https://muckrack.com/media-outlet/cointelegraph Cointelegraph: Contact Information, Journalists, and Overview - Muckrack] (Accessed Jun 9, 2025)</ref>

<ref name="cryptocurrencyreddit-20063">[https://www.reddit.com/r/CryptoCurrency/comments/oz6yr2 Another example why not to trust Cointelegraph - CryptoCurrency Reddit] (Accessed Jun 9, 2025)</ref></references>

CoinTelegraph Website CTG Fair Token Airdrop Phishing - Revision history