CoinTelegraph Website CTG Fair Token Airdrop Phishing
Cointelegraph, a prominent cryptocurrency and blockchain news outlet, suffered a security breach involving malicious JavaScript injected through a third-party advertising service called "AdButler" on the domain adbutlerserve.com. The attack was traced to the company's banner publishing system, which was briefly compromised. Although Cointelegraph acknowledged the issue and removed the malicious advertisement, it has not provided details on who was affected, the extent of the damage, or any ongoing investigation, nor has it offered support to potential victims of the phishing incident.[1][2][3][4][5][6][7][8][9][10][11][12][13][14]
About CoinTelegraph
Founded in 2013, Cointelegraph is a privately held company specializing in cryptocurrency, blockchain, and fintech news, and a leading independent digital media outlet. It delivers daily news, in-depth analysis, and educational content across various topics, including Bitcoin, Ethereum, decentralized finance (DeFi), non-fungible tokens (NFTs), and Web3. The platform is recognized for its comprehensive coverage, featuring expert opinions, price charts, and reports on the social impact of digital currencies.
Headquartered in the United States, Cointelegraph has expanded its presence internationally, with teams in over 30 countries. The company publishes more than 1,000 articles monthly and offers a range of resources, such as a mobile app, video content, and educational materials like "Cryptopedia". Despite its prominence, Cointelegraph has faced criticism over the years for occasional inaccuracies and sensational headlines, which have led to discussions about its editorial practices within the crypto community.
In addition to its U.S. headquarters, Cointelegraph has expanded its global presence with offices in various countries, including China, Japan, South Korea, and the United Arab Emirates.
About CoinTelegraph ICO - Airdrop
"You've been randomly selected for our CoinTelegraph (CTG) token fair distribution, as part of our community rewards program."
CoinTelegraph Token CTG ERC-20 50,000 CTG (~$5,490 USD) Your airdrop allocation Expires in 04:13. Wallet Connected. Processing Claim...
What Happened
Cointelegraph experienced a phishing exploit through compromised third-party ad code, briefly affecting its banner system.
| Date | Event | Description |
|---|---|---|
| June 22nd, 2025 4:41:51 PM MDT | Real Scam Sniffer Blocked | Real Scam Sniffer reports that their data indicates the threat on the CoinTelegraph website was detected and blocked at this time. A screenshot of a blocked page is included. |
| June 22nd, 2025 7:15:00 PM MDT | Real Scam Sniffer Warning | Real Scam Sniffer warns that the front-end of CoinTelegraph has been compromised. They include a screenshot of an airdrop giveaway. |
| June 22nd, 2025 7:30:00 PM MDT | CoinTelegraph Confirms Awareness | CoinTelegraph confirms being aware of the pop-up showing up on the website, and warns visitors not to click on the pop-up or connect any wallet addresses. They are "actively working on a fix". |
| June 22nd, 2025 9:17:00 PM MDT | Warning Reposted By SlowMist | The warning is reposted by SlowMist. |
| June 23rd, 2025 3:16:00 AM MDT | CoinTelegraph Security Update | CoinTelegraph posts an update to notify the community that the team has "identified and resolved the issue by removing unauthorized code that briefly affected our system". They have also "strengthened [thei]r security controls to prevent any similar occurrences in the future". |
Technical Details
Visitors to the CoinTelegraph website were greeted with a pop-up advertisement claiming they had been randomly selected to receive a free airdrop of new CTG tokens, with a reported value of $5,490 USD. The user was prompted to connect their wallet, which would likely then be drained.
According to analysis from realScamSniffer, the malicious JavaScript code came from third-party advertising software called "AdButler" on the domain "adbutlerserve.com".
It's unclear whether the advertising partner itself was compromised, or whether CoinTelegraph was tricked into adding JavaScript code from a fake advertising company. CoinTelegraph has attributed the failure to their "banner publishing system" being "briefly compromised".
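An added example (not from the case study, CoinTelegraph or AdButler): a small Python audit that lists the third-party scripts and frames a page pulls in, which is the inclusion path described above. The first-party host `news.example`, the sample HTML and every path in it are constructed; only the host name `adbutlerserve.com` comes from this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = "news.example"  # assumption: stands in for the publisher's own site

# Constructed sample page. adbutlerserve.com is the ad host named in the case
# study; all paths and the integrity value are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.news.example/vendor.js"></script>
<script src="https://adbutlerserve.com/placeholder/banner.js"></script>
<script src="https://widgets.example.net/chart.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body>
<iframe src="https://adbutlerserve.com/placeholder/frame.html"></iframe>
<iframe src="https://adbutlerserve.com/placeholder/frame2.html" sandbox="allow-scripts"></iframe>
</body></html>
"""

def is_third_party(url, first_party=FIRST_PARTY):
    host = urlparse(url).hostname
    if host is None:  # relative URL: same origin as the page
        return False
    return not (host == first_party or host.endswith("." + first_party))

class ThirdPartyAudit(HTMLParser):
    """Collects third-party code referenced by the top-level document."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src")
        if tag not in ("script", "iframe") or not src or not is_third_party(src):
            return
        host = urlparse(src).hostname
        if tag == "script":
            # A <script src> runs with the page's own origin, so it can draw
            # overlays on the article and talk to a wallet extension as the site.
            risk = "pinned-by-sri" if a.get("integrity") else "unpinned-in-page-origin"
        else:
            # A cross-origin frame is isolated from the page's DOM; the sandbox
            # attribute additionally restricts pop-ups and top-level navigation.
            risk = "sandboxed-frame" if "sandbox" in a else "unsandboxed-frame"
        self.findings.append((host, tag, risk))

def audit(html):
    parser = ThirdPartyAudit()
    parser.feed(html)
    return parser.findings
```

Ad tags usually change per request, so Subresource Integrity is rarely practical for them; the `unpinned-in-page-origin` findings are the ones to move into a sandboxed frame or remove.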
Total Amount Lost
It is unknown how many people fell victim to the CoinTelegraph website phishing.
The total amount lost is unknown.
Immediate Reactions
After widespread detection and coverage, CoinTelegraph published a notice that they were aware of the issue on their website and working on a resolution.
Ultimate Outcome
CoinTelegraph was ultimately able to remove the malicious advertisement, and subsequently posted an update to that effect.
Total Amount Recovered
CoinTelegraph has not publicly offered any assistance for those affected.
There do not appear to have been any funds recovered in this case.
Ongoing Developments
There is no clarity regarding who was affected by the incident, or what was lost. It is unclear if any investigation is continuing.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- SlowMist Team - "SlowMist TI Alert @Cointelegraph's frontend has been compromised. Stay vigilant!" - Twitter/X (Accessed Jun 23, 2025)
- realScamSniffer - "CoinTelegraph's frontend has been compromised. Please be cautious." - Twitter/X (Accessed Jun 23, 2025)
- realScamSniffer - "According to our data, we blocked this threat at approximately "2025-06-22T22:41:51.050Z"." - Twitter/X (Accessed Jun 23, 2025)
- realScamSniffer - "The malicious JS code appears to come from Cointelegraph's advertising system." - Twitter/X (Accessed Jun 23, 2025)
- CoinTelegraph - "Cointelegraph’s banner publishing system was briefly compromised on June 21, resulting in a malicious advertisement promoting a fake token airdrop on our website. The team identified and resolved the issue by removing unauthorized code that briefly affected our system. We have strengthened our security controls to prevent any similar occurrences in the future." - Twitter/X (Accessed Jun 23, 2025)
- "ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site." - Twitter/X (Accessed Jun 23, 2025)
- About CoinTelegraph (Accessed Jun 9, 2025)
- CoinTelegraph LinkedIn (Accessed Jun 9, 2025)
- Cointelegraph Announces Chinese HQ, Bolstering Its International Expansion - CoinTelegraph (Accessed Jun 9, 2025)
- CoinTelegraph Office Locations - Employbl (Accessed Jun 9, 2025)
- Cointelegraph Company Profile 2024 - Pitchbook (Accessed Jun 9, 2025)
- Cointelegraph Overview - SignalHire Company Profile (Accessed Jun 9, 2025)
- Cointelegraph: Contact Information, Journalists, and Overview - Muckrack (Accessed Jun 9, 2025)
- Another example why not to trust Cointelegraph - CryptoCurrency Reddit (Accessed Jun 9, 2025)