The cryptocurrency news outlet Cointelegraph confirmed that its website was attacked via a front-end exploit, aimed at promoting a fraudulent token airdrop campaign and stealing users' assets. This is the latest incident in a wave of phishing attacks targeting crypto platforms, using fake token reward tricks to lure users.

Details of the attack and warnings from Cointelegraph

Cointelegraph announced on X on Sunday evening that they are aware of the 'scam pop-up windows' and are 'actively addressing' it. They warned users, 'Do not click on these pop-up windows, do not connect your wallet [or] enter any personal information.'

The fake pop-up claims that users have been selected to receive new token rewards, supposedly part of a 'fair launch initiative' from Cointelegraph to thank loyal readers. It displays a fake token price and promises users they will receive tokens worth nearly $5,500 if they connect their cryptocurrency wallet. Additionally, the message falsely claims that the security firm CertiK has audited the smart contract.

Connections to other attacks and the crypto scam situation

This attack method is similar to a front-end attack on the CoinMarketCap price aggregation page just two days earlier. In CoinMarketCap's case, website visitors saw pop-up windows requesting wallet connections for verification. CoinMarketCap then confirmed that malicious code had been injected into the website and had been removed.

Both incidents represent a growing wave of phishing attacks targeting crypto platforms through user interface infiltration. In these scams, victims are lured into connecting their wallets under false pretenses (such as receiving tokens or verifying identity), and then their accounts are drained by the attacker.

According to blockchain intelligence firm TRM Labs, phishing schemes and infrastructure attacks based on malware account for 70% of the $2.2 billion stolen in cryptocurrency-related hacks in 2024.

The Cointelegraph attack occurred just days after security researchers revealed a massive data leak containing over 16 billion stolen credentials, including access to accounts on platforms like Google, Telegram, Facebook, and GitHub. This data trove is likely to have been gathered from information-stealing malware, credential stuffing attacks, and previous leaks.