Cryptocurrency data aggregator CoinMarketCap experienced a security breach on Friday when a malicious pop-up appeared on its website, prompting users to “verify” their wallets. The incident has reignited concerns about the platform’s security, nearly four years after a significant data leak in 2021.
The phishing-style notification instructed users to connect their wallets and approve access to ERC-20 tokens, immediately raising red flags across the crypto community. Wallet providers such as MetaMask and Phantom swiftly flagged the CoinMarketCap site as unsafe, with Phantom displaying a browser warning against using the platform.
CoinMarketCap, owned by Binance, confirmed the removal of the malicious code in a Friday post on X (formerly Twitter). “We’ve identified and removed the malicious code from our site,” the company stated, adding that it is continuing to investigate the breach and reinforce its security measures.
Reports of the phishing attempt quickly circulated on crypto social media, with users urging others not to interact with the suspicious prompt. Many suspected the attack aimed to steal wallet credentials through a fake interface designed to mimic a legitimate verification process.
This incident follows a 2021 data breach in which over 3.1 million CoinMarketCap user email addresses were exposed and subsequently found for sale on hacking forums, drawing criticism of the platform’s safeguards.
As a widely used resource in the crypto space, CoinMarketCap remains a prime target for malicious actors. Users are strongly advised to avoid connecting wallets to unsolicited prompts and to verify all interactions through official channels. The company has not yet disclosed the source of the breach but has committed to ongoing security reviews.
The CoinMarketCap incident comes amid a broader surge in illicit cryptocurrency activity. According to blockchain analytics firm Chainalysis, illicit transactions totaled at least $40.9 billion in 2024, with figures expected to climb as more criminal-linked wallets are identified. Hacks alone accounted for $2.2 billion in stolen assets, a 21% increase from the previous year.