Hackers Temporarily Breach CoinMarketCap Homepage – Is It Safe Now?


The cryptocurrency data provider CoinMarketCap has resolved a short-lived security incident in which website visitors were shown a fraudulent pop-up window asking them to connect their cryptocurrency wallets.

The incident on 06/20 disrupted the platform's user interface for several hours before the team implemented recovery measures.

CoinMarketCap incident traced to malicious doodle

According to the company, the breach involved an unwanted pop-up window on the homepage that told users to verify their wallets in order to access full account features.

"We are aware that a malicious pop-up requesting users to 'Verify Wallet' appeared on our page. Do not connect your wallet," the data aggregator warned.

Although this message mimicked a legitimate function, security analysts quickly warned that the request was malicious and likely aimed at compromising user wallets.

Malicious pop-up message on CoinMarketCap homepage. Source: X/Jameson Lopp

In a subsequent update, CoinMarketCap revealed that the issue originated from a doodle image embedded on their homepage. This image was linked to an external call that triggered unauthorized JavaScript, leading to suspicious wallet requests.

"On 06/20/2025, our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that activated malicious code through an API call, resulting in an unwanted pop-up for some users when accessing our homepage," CoinMarketCap explained.

Investigators found that the breach may have originated from a compromised third-party service, likely an advertising network, which had injected malicious code into the platform's display system.

Meanwhile, CoinMarketCap clarified that external dependencies used to serve content – not their internal infrastructure – caused the issue.
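As an added illustration (not code from CoinMarketCap or from the original article), the sketch below shows one way a site could treat a remotely served doodle descriptor as untrusted data and refuse to render it if any string references a non-allowlisted host, a non-image resource, or active content. The descriptor field names, the hostnames and the `auditDoodle` helper are assumptions made for the example.

```javascript
// Added example: validate a remotely served "doodle" descriptor before rendering.
// Field names and hostnames are assumptions, not CoinMarketCap's real schema.
const ALLOWED_HOSTS = new Set(["static.example-cdn.test"]); // hypothetical first-party asset host
const IMAGE_EXT = /\.(png|jpe?g|gif|webp)$/i;
const URL_LIKE = /^\s*(?:[a-z][a-z0-9+.-]*:|\/\/)/i; // absolute or protocol-relative
const ACTIVE_CONTENT = /<\s*script|\bon\w+\s*=|\beval\s*\(/i;

// Fail closed: anything that looks like a URL must be https, allowlisted, and a static image.
function checkUrl(path, value, findings) {
  let u;
  try { u = new URL(value.trim().replace(/^\/\//, "https://")); }
  catch { findings.push(`${path}: unparseable URL`); return; }
  if (u.protocol !== "https:") findings.push(`${path}: scheme ${u.protocol} not allowed`);
  else if (!ALLOWED_HOSTS.has(u.hostname)) findings.push(`${path}: host ${u.hostname} not allowlisted`);
  else if (!IMAGE_EXT.test(u.pathname)) findings.push(`${path}: not a static image path`);
}

// Walk every string in the descriptor; return a list of reasons to refuse rendering.
function auditDoodle(node, path = "$", findings = []) {
  if (typeof node === "string") {
    if (ACTIVE_CONTENT.test(node)) findings.push(`${path}: active content in string`);
    if (URL_LIKE.test(node)) checkUrl(path, node, findings);
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => auditDoodle(v, `${path}[${i}]`, findings));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) auditDoodle(v, `${path}.${k}`, findings);
  }
  return findings;
}

// Constructed sample descriptors (not taken from the incident).
const cleanDoodle = {
  title: "Anniversary",
  image: "https://static.example-cdn.test/doodles/anniversary.png",
};
const tamperedDoodle = {
  title: "Anniversary",
  image: "https://static.example-cdn.test/doodles/anniversary.png",
  layers: [{ link: "https://api.third-party.test/v1/doodle.js" },
           { text: "<script src=//x.test/a.js></script>" }],
};

console.log(auditDoodle(cleanDoodle));    // no findings: safe to render
console.log(auditDoodle(tamperedDoodle)); // findings: refuse and fall back to a static logo
```

A check like this complements, rather than replaces, a Content-Security-Policy that restricts which origins may serve scripts to the page.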

The platform confirmed that all affected scripts and assets have been removed, and new protective measures have been introduced to prevent similar exploits. They also assured users that the situation is under control and website access is now safe.

"We are actively monitoring user feedback, and our support team is ready to ensure all requests are resolved promptly. We are committed to maintaining the highest standards of security and transparency, and we appreciate the continued trust of our community," they added.

CoinMarketCap, owned by Binance, continues to serve millions of users tracking cryptocurrency prices and real-time market data.

However, this incident reminds us that even the most reputable platforms must proactively protect users from increasingly prevalent threats.

For this reason, security experts have advised cryptocurrency wallet users to stay cautious: review recent activity regularly and avoid connecting to unverified dApps or requests.

So far this year, hackers have aggressively targeted vulnerabilities on even the most reputable platforms. In total, these breaches have led to over $2 billion in stolen assets, including a major exploit of $1.4 billion on Bybit.
