CoinMarketCap recently faced a security threat when a fake popup appeared on its website, urging users to “Verify Wallet.” This incident raised concerns about potential malicious code infiltration. Within three hours, CoinMarketCap removed the script and initiated a comprehensive system review.
The popup, which was not part of any planned update, asked users to connect their wallets and approve ERC-20 token transactions, posing risks of wallet theft or unauthorized transfers. CoinMarketCap advised users against connecting their wallets until the issue was resolved.
Browser-based crypto wallets MetaMask and Phantom quickly flagged the site as unsafe, likely preventing many users from falling victim to the scam. The popup sought approvals that could allow hackers to control tokens in affected wallets, highlighting the persistent threat of phishing scams.
CoinMarketCap has faced security breaches before, notably in October 2021 when hackers stole over 3 million email addresses. The recent incident underscores the evolving nature of cyber threats, moving from data theft to code injection.
CoinMarketCap is continuing its investigation and taking measures to enhance security, though no timeline for the audit has been provided. Security experts recommend implementing multi-factor checks on code changes and regular scans for injected scripts.
For crypto users, experts advise treating unexpected “connect wallet” prompts with suspicion, even on trusted sites. Using hardware wallets and browser extensions that show requested permissions can help identify suspicious prompts. Keeping software up to date is also crucial, as personal caution remains a vital defense in the rapidly changing crypto landscape.
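
The check a permission-aware wallet prompt performs can be sketched as follows. This is an added example, not code from CoinMarketCap, MetaMask or Phantom: it decodes the calldata of an ERC-20 approval request and flags an unknown spender or an effectively unlimited allowance. The sample requests, the trusted-spender list and the `UNLIMITED` threshold are assumptions made for the example.

```python
# Added example: inspect ERC-20 approval calldata before a wallet signs it.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
UNLIMITED = 2**255  # assumption: amounts this large are effectively unlimited


def decode_approval(calldata):
    """Return the decoded approval, or None if the call is not an approval."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) != 128:
        raise ValueError("approval calldata must carry exactly two 32-byte words")
    spender_word, amount_word = args[:64], args[64:]
    if spender_word[:24] != "0" * 24:
        raise ValueError("spender word is not a left-padded 20-byte address")
    return {"function": name,
            "spender": "0x" + spender_word[24:],
            "amount": int(amount_word, 16)}


def review(calldata, trusted_spenders):
    """List the reasons a user should refuse to sign this request."""
    call = decode_approval(calldata)
    if call is None:
        return []
    warnings = []
    if call["spender"] not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender %s is not on the trusted list" % call["spender"])
    if call["amount"] >= UNLIMITED:
        warnings.append("allowance is effectively unlimited")
    return warnings


# Constructed sample data (not taken from the incident).
SPENDER = "0x" + "11" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
BOUNDED_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + format(1000, "064x")

if __name__ == "__main__":
    for sample in (UNLIMITED_APPROVE, BOUNDED_APPROVE):
        print(decode_approval(sample), review(sample, trusted_spenders=[]))
```

An empty result from `review` only means these two checks passed; an unexpected prompt on a site that has never asked for a wallet connection is still a reason to refuse.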