CoinMarketCap recently experienced a supply chain attack that exposed its visitors to a crypto-stealing campaign via a fake Web3 wallet connection popup.
On June 20, 2025, a vulnerability in a homepage doodle image was exploited to inject malicious JavaScript, causing unsuspecting users to see a fraudulent wallet prompt. If users connected their wallets, a wallet drainer script executed, stealing crypto assets.
The attack worked by modifying an API that fetched the doodle image, embedding a script from an external domain (static.cdnkit[.]io) to simulate a legitimate Web3 transaction.
According to security researchers, this was a supply chain compromise involving third-party resources rather than CoinMarketCap’s servers directly.
Threat actor “Rey” shared screenshots indicating the attackers stole over $43,000 from 110 victims and discussed their success on a French-speaking Telegram group.
Wallet drainer attacks have surged alongside crypto’s growth, with nearly $500 million stolen in 2024 alone, prompting browser vendors like Mozilla to implement new safeguards.
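An added example (not CoinMarketCap's code and not from the original article): a pre-render audit that walks a JSON API response, such as the doodle payload described above, and flags script markup, in particular scripts loaded from hosts outside an allowlist. The payload shape, the `assets.example.com` allowlist and the `static.untrusted.example` host are constructed assumptions.

```javascript
// Added example. Payload shape, hosts and paths below are constructed assumptions.
const ALLOWED_HOSTS = new Set(["assets.example.com"]); // hypothetical first-party asset host

// Markup that executes code if a string field is inserted into the page as HTML.
const SCRIPT_SRC = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
const INLINE_SCRIPT = /<script\b(?![^>]*\bsrc\s*=)[^>]*>/i;
const EVENT_HANDLER = /<[a-z][^>]*\son[a-z]+\s*=/i;

function hostOf(url) {
  try {
    // Relative URLs resolve against the first-party base and stay on the allowlist.
    return new URL(url, "https://assets.example.com/").hostname.toLowerCase();
  } catch {
    return null; // unparsable source: treat as untrusted
  }
}

// Recursively walk the parsed JSON and collect findings with a JSONPath-like location.
function auditPayload(value, path = "$", findings = []) {
  if (typeof value === "string") {
    for (const m of value.matchAll(SCRIPT_SRC)) {
      const host = hostOf(m[1]);
      if (!host || !ALLOWED_HOSTS.has(host)) findings.push({ path, kind: "external-script", host });
    }
    if (INLINE_SCRIPT.test(value)) findings.push({ path, kind: "inline-script", host: null });
    if (EVENT_HANDLER.test(value)) findings.push({ path, kind: "event-handler", host: null });
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => auditPayload(v, `${path}[${i}]`, findings));
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) auditPayload(v, `${path}.${k}`, findings);
  }
  return findings;
}

// Constructed sample: an image-animation response with a script tag embedded in one field.
const tamperedPayload = {
  doodle: {
    image: "https://assets.example.com/doodle/summer.png",
    layers: [{ html: '<img src="frame1.png"><script src="https://static.untrusted.example/loader.js"></script>' }],
  },
};

console.log(auditPayload(tamperedPayload));
```

Run the audit on the response before any renderer inserts its fields into the DOM; a Content-Security-Policy `script-src` allowlist enforces the same host restriction in the browser.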
