CoinMarketCap Front-End Compromise Connect Wallet Phishing
In a recent security incident, CoinMarketCap (CMC), a widely trusted cryptocurrency data platform, was exploited through a malicious wallet-draining attack that took advantage of its high traffic and user trust. Users were tricked into connecting their crypto wallets to what appeared to be a legitimate CMC feature—something that didn’t raise immediate suspicion given CMC's existing account tools and messaging capabilities. Once connected, the malicious code drained funds from the wallets. A total of 76 accounts were affected, with combined losses of $21,624.47 USD. The code remained active for several hours before being detected and removed. CoinMarketCap has since reinforced its security, promised full reimbursement to affected users, and launched a support portal for claims, though the exact method of the exploit remains undisclosed.[1][2][3][4][5][6][7][8]
About CoinMarketCap
CoinMarketCap (CMC) is a leading cryptocurrency data website founded in 2013 by Brandon Chez in New York City. Often referred to as the “Home of Crypto,” its mission is to organize global crypto intelligence and make it easily accessible. It provides real‑time pricing, market capitalizations, trading volumes, circulating supply, and detailed historical charts for thousands of digital assets. CMC has also expanded its offerings with features like developer APIs, on‑chain analytics, an educational portal (CMC Academy), a portfolio tracker, and mobile apps for both iOS and Android.
Over time, CoinMarketCap has introduced several industry‑first innovations. In 2019, it launched a liquidity metric to combat fake trading volumes and formed the Data Accountability and Transparency Alliance to improve reporting standards. It also created benchmark crypto indices—such as CMC‑200 and CMC‑200 ex‑BTC—underwritten by Solactive AG, which are now tracked on platforms like Nasdaq and Bloomberg. In August 2022, CMC added its on‑chain explorer, DexScan, and a Telegram price bot. It also later integrated a Fear & Greed Index and ChatGPT plugin, continually enhancing its tools and user experience.
The platform is widely regarded as a trusted and unbiased source of cryptocurrency market data. It is regularly cited in major financial media—such as Forbes, Bloomberg, CNBC, Vice, and The New York Times—and even referenced for research by U.S. government agencies. Purchased by Binance in April 2020, CoinMarketCap continues to operate independently and remains one of the most visited cryptocurrency resources globally, drawing hundreds of millions of users annually via its website, apps, newsletters, and social media channels.
About Wallet Verification Screen
The CoinMarketCap website displayed a notification requesting users to connect their wallet.
Verify Your Wallet
Please connect your wallet now to authenticate and maintain full access to your CoinMarketCap account and platform features.
What Happened
CoinMarketCap was exploited by a malicious wallet-draining attack that deceived users into connecting their crypto wallets, resulting in $21,624.47 in losses across 76 accounts.
| Date | Event | Description |
|---|---|---|
| June 20th, 2025 1:44:11 PM MDT | RealScamSniffer Blocks Threat | RealScamSniffer reports that they blocked the threat by flagging CoinMarketCap as a "Deceptive site" and "potentially dangerous". Users who had enabled the ScamSniffer plug-in would have been warned with a large red screen. |
| June 20th, 2025 5:01:00 PM MDT | CoinMarketCap Posts Warning | CoinMarketCap posts a warning to alert users that they are aware of the dangerous pop-up appearing on their website. Their "team is actively investigating and working to resolve the issue". |
| June 20th, 2025 5:38:00 PM MDT | Video Of Draining Published | A video of the draining permission in action is published by apoorv.eth. |
| June 20th, 2025 6:22:00 PM MDT | RealScamSniffer Post Made | RealScamSniffer posts on Twitter/X with details about the CoinMarketCap website exploit. They include screenshots and more detailed information about the website source code. |
| June 20th, 2025 7:38:00 PM MDT | CoinMarketCap Removed Code | CoinMarketCap reports that they have now managed to remove the malicious code from their website. They are continuing to investigate and strengthen security. |
Technical Details
The exploit relied on the high volume of traffic which CoinMarketCap receives and the high degree of trust that many users place in the CoinMarketCap platform.
Many services offer features where wallets can be connected to interact with the service, such as to post messages or interact with others. CoinMarketCap has an account feature where users can keep watchlists and post messages. Therefore, the concept of CoinMarketCap requesting a wallet connection wasn't entirely unreasonable, and didn't raise concern among users.
Once users connected their wallets, the malicious service would invoke code to drain the wallet.
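The following is an added example, not taken from CoinMarketCap, ScamSniffer, or the sources cited here. It shows a minimal origin-aware gate in front of an EIP-1193 wallet provider, illustrating how a browser-side guard can refuse a wallet connection requested by a site the user never approved for wallet use. The names `isBlocked`, `guardProvider`, `makeFakeWallet`, and both example origins are hypothetical.

```javascript
// Added example; method names are real EIP-1193 / Ethereum JSON-RPC methods.
const SENSITIVE_METHODS = new Set([
  "eth_requestAccounts", "eth_sendTransaction",
  "personal_sign", "eth_signTypedData_v4",
]);

// Hypothetical policy: block wallet-touching calls from origins the user never approved.
function isBlocked(method, origin, trustedOrigins) {
  return SENSITIVE_METHODS.has(method) && !trustedOrigins.has(origin);
}

// Hypothetical wrapper: forwards allowed calls, rejects and records the rest.
function guardProvider(provider, origin, trustedOrigins, alerts) {
  return {
    async request(args) {
      const method = args && args.method;
      if (isBlocked(method, origin, trustedOrigins)) {
        alerts.push({ origin, method });
        const err = new Error(`Blocked ${method} from ${origin}`);
        err.code = 4100; // EIP-1193 "Unauthorized"
        throw err;
      }
      return provider.request(args);
    },
  };
}

// Constructed stand-in wallet so the example runs offline.
function makeFakeWallet() {
  const calls = [];
  return {
    calls,
    async request({ method }) {
      calls.push(method);
      return method === "eth_chainId" ? "0x1" : null;
    },
  };
}

// Scenario: a market-data origin that was never approved asks to connect.
async function demo() {
  const wallet = makeFakeWallet();
  const alerts = [];
  const trusted = new Set(["https://dapp.example"]); // constructed allowlist
  const guarded = guardProvider(wallet, "https://data-site.example", trusted, alerts);
  const chainId = await guarded.request({ method: "eth_chainId" }); // read-only
  const blockedCode = await guarded.request({ method: "eth_requestAccounts" }).then(() => null, (e) => e.code);
  return { chainId, blockedCode, alerts, forwarded: wallet.calls };
}
```

The connection request never reaches the wallet, so no approval prompt is shown for the unapproved origin, and the recorded alert gives the user or a monitoring plug-in something to act on.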
Total Amount Lost
CoinMarketCap reports that a total of 76 accounts were affected, and losses amounted to $21,624.47 USD.
The total amount lost has been estimated at $22,000 USD.
Immediate Reactions
The malicious wallet draining code remained online for several hours before CoinMarketCap was able to notice and ultimately remove it.
Ultimate Outcome
Upon concluding their investigation, CoinMarketCap agreed to compensate all users who were affected by the exploit. They report that "[s]ecurity measures have since been reinforced, and the platform remains fully operational".
Total Amount Recovered
CoinMarketCap is reportedly covering all losses for affected users. They provided a support portal for any users who were affected to request reimbursement.
The total amount recovered has been estimated at $22,000 USD.
Ongoing Developments
It is unclear how the attack was conducted. CoinMarketCap has released limited information about any vulnerabilities which may have been exploited in conducting the attack.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- RealScamSniffer - "CoinMarketCap's frontend has been compromised. Please be cautious." - Twitter/X (Accessed Jul 21, 2025)
- RealScamSniffer - "According to our data, we blocked this threat at approximately 2025-06-20T19:44:11.610Z." - Twitter/X (Accessed Jul 21, 2025)
- CoinMarketCap - "We’re aware that a malicious pop-up prompting users to "Verify Wallet" has appeared on our site. Do NOT connect your wallet. Our team is actively investigating and working to resolve the issue." - Twitter/X (Accessed Jul 21, 2025)
- CoinMarketCap - "Update: We've identified and removed the malicious code from our site. Our team is continuing to investigate and taking steps to strengthen our security." - Twitter/X (Accessed Jul 21, 2025)
- CoinMarketCap - "Our investigation is complete. A total of 76 accounts were affected, with losses amounting to $21,624.47. CoinMarketCap will reimburse the full amount." - Twitter/X (Accessed Jul 21, 2025)
- apoorveth - "CoinMarketCap is Hacked POV: you are getting drained (don't try this at home)" - Twitter/X (Accessed Jul 21, 2025)
- About CoinMarketCap (Accessed Jul 21, 2025)
- CoinMarketCap - Wikipedia (Accessed Jul 21, 2025)