Former Binance, Changpeng “CZ” Zhao commented on the recent attacks on the CoinMarketCap and Cointelegraph websites.
The co-founder and former CEO of Binance, Changpeng “CZ” Zhao, issued a warning to cryptocurrency investors about recent attacks on crypto data sites and platforms. “Be careful when authorizing wallet connections,” CZ posted on X early Tuesday afternoon (23).
In recent days, the systems of the CoinMarketCap and Cointelegraph websites were targeted by hackers, who exposed users to phishing schemes. In this regard, CZ warned that hackers are targeting crypto information sites to conduct scams involving wallet connections, recommending caution when authorizing such connections.
Last Saturday (21), users of the price indexer CoinMarketCap reported a suspicious pop-up asking to connect wallets, identified as a phishing attempt.
The crypto community on X quickly alerted about the scam. After the reports, CMC confirmed the presence of malicious code, which was removed, and initiated a security investigation, urging users to avoid connecting their wallets.
An update on Tuesday (24) revealed that the attack affected 76 cryptocurrency wallets and resulted in a loss of $21,000 (R$ 115,000) to investors, which will be fully reimbursed by the company, as CZ highlighted in his post.
According to the indexer, the virus was in a “doodle image” on its homepage and “contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users.”
The security firm Coinspect Security conducted an analysis in which it claims that the attack was a JavaScript injection via Lottie JSON. “We successfully reproduced a JavaScript injection vulnerability that exploits Lottie animation JSON files. The ‘CoinMarketClap doodle’ incident demonstrates this attack vector.”
Front-end Attack
Last week, the Cointelegraph website was targeted by a front-end attack that displayed a fake pop-up announcing an airdrop of “CTG” tokens, promising $5,500 in exchange for wallet connections.
The fraudulent message falsely cited CertiK as the auditor of the contract. Cointelegraph confirmed the breach and warned users not to click or provide data.
In both cases, hackers stole cryptocurrencies as soon as users connected their wallets, revealing a new strategy: using information sites to conduct scams, instead of attacking brokerages.
A study by TRM Labs indicated that phishing scams and malware attacks accounted for 70% of the $2.2 billion stolen in crypto in 2024, raised the site Cryptopotato.
Phishing scams
Phishing scams can catch even the most experienced off guard, as happened with billionaire Mark Cuban in 2023 when he downloaded a fake version of the Metamask wallet, and with Brazilian cryptocurrency influencer Augusto Backes last year, when he accessed a “very well-made” email.
Last year, CVM and ANBIMA (Brazilian Association of Financial Market and Capital Entities) conducted a test – in practice, a prank – to show how vulnerable Brazilians are to cryptocurrency scams while also warning the public about the need for caution with fraud.
The entities created a website for a fictitious company that simulated the offering of stock funds and guaranteed unrealistically high profits, without informing that it was a simulation. The site was online for four months in the second half of 2023 and had over 170,000 total visits, coming from online ads and social media.
“Almost half of the people accessing a fake brokerage site would fall for a financial scam,” said the CVM in a report.