CoinMarketCap, a cryptocurrency price-tracking platform, has reportedly taken down a malicious pop-up notification on its website that was urging users to verify their crypto wallets, according to a statement on its official X account.
“We’ve identified and removed the malicious code from our site,” the platform announced on Friday.
CoinMarketCap is still in the process of investigating the issue
“Our team is continuing to investigate and is taking additional steps to enhance our security,” the platform stated.
This update came less than three hours after CoinMarketCap first acknowledged the presence of the malicious pop-up, following widespread speculation and concern on social media.
“We’re aware of a malicious popup prompting users to ‘Verify Wallet’ that has appeared on our site,” CoinMarketCap said at the time.
Numerous crypto users on X identified the pop-up as a phishing scam—a type of fraud that deceives victims into revealing private keys or sensitive information. These scams often involve hackers hijacking reputable accounts or creating fake ones to share links that appear legitimate.
Crypto user Auri noted that the pop-up “asks to connect a wallet and then requests approvals for ERC-20 tokens.”
CoinMarketCap cautioned users against connecting their wallets and emphasized that they were actively working to “resolve the issue.”
MetaMask and Phantom were quick to detect the issue
Crypto user Jet claimed that MetaMask and Phantom had “red-flagged” the malicious activity.
As of the time of publication, users with the Phantom wallet browser extension are presented with a warning indicating that the website is “unsafe to use,” according to further investigation.
The incident comes nearly four years after CoinMarketCap was hacked in October 2021, leading to the exposure of over 3.1 million (3,117,548) user email addresses.
The breach was uncovered when the compromised email addresses began circulating on various hacking forums and were later reported by Have I Been Pwned, a website that monitors data breaches and compromised accounts.
