CoinMarketCap Removed a Phishing Malware from Its Website, but the Incident Reveals Security Risks Exist Even on Top Crypto Platforms.
CoinMarketCap, the leading platform for providing digital asset price data, has just discovered and removed a malicious code from its website. The incident was manifested through a fraudulent (phishing) pop-up window, requesting users to connect and "verify wallet", a typical tactic aimed at stealing user assets.
Although the issue was quickly resolved in less than three hours after discovery, it serves as a serious reminder of the cybersecurity risks that always lurk in the crypto space.
In the official announcement on the X platform, the CoinMarketCap team stated they are still conducting a detailed investigation and implementing additional security measures. However, this incident has caused a wave of concern in the crypto community, especially when CoinMarketCap is considered the most reliable information source in the industry.
This incident is not simply a technical issue but also negatively impacts the trust of millions of investors and regular users who follow data on this platform.
According to victim descriptions, the harmful pop-up was a sophisticated phishing form. A user named Auri stated that the pop-up requested wallet connection, followed by granting access to ERC-20 tokens, an action that potentially risks completely draining assets from the wallet.
In reality, phishing remains a common and effective attack method, where hackers exploit the reputation of large brands to trick users into revealing private keys or granting wallet access.
In this incident, popular security tools in the crypto ecosystem proved effective. Many users reported that wallet browser extensions like MetaMask and Phantom proactively warned that CoinMarketCap was an unsafe website, helping to timely prevent potential damages.
This demonstrates the clear progress of security solutions in the Web3 space, where user safety is not only dependent on a single platform but also protected by a rich ecosystem of security tools.
This incident occurred nearly four years after the data leak in October 2021, when over 3.1 million CoinMarketCap user email addresses were exposed. Although the nature of the two incidents differs, they both show that in an industry based on source code and trust, no platform can be completely immune to cybersecurity risks.
