The breach exploited a backend API vulnerability linked to the platform’s doodles feature, prompting an ongoing investigation.
CoinMarketCap’s front end was compromised on June 20, with its webpage displaying unauthorized pop-up messages asking visitors to verify their crypto wallets. The malicious pop-up was first flagged by several crypto community members.
The platform’s team confirmed the incident and warned users against connecting their wallets while they investigate and work to resolve the issue.
Blockchain security service provider Coinspect Security has uncovered that CoinMarketCap’s backend API is delivering manipulated JSON payloads designed to inject malicious JavaScript through its rotating “doodles” feature.
Also today, Crypto Briefing noticed signs of a similar security incident on another popular crypto website.
The webpage displayed a pop-up claiming an “exclusive airdrop” opportunity, which was distinct from the CoinMarketCap incident but similarly prompted visitors to connect their wallets through claiming the airdrop.
Crypto Briefing was unable to confirm whether the site’s front-end was compromised, given that the suspicious behavior appeared to last only around five minutes. The site quickly returned to normal, and the pop-up was no longer visible.
The breach follows a cybersecurity report from Cybernews revealing 16 billion exposed passwords in one of the largest data breaches in history, affecting access to major platforms including Facebook, Google, and Apple.
Experts recommend that users update passwords for all major accounts, especially those connected to sensitive services such as work platforms. Users are strongly advised to use a password manager to generate strong, unique passwords for each account.
Extra security measures, including enabling two-factor authentication (2FA) and closely monitoring accounts, should also be considered.
