On June 20, 2025, the crypto tracker platform CoinMarketCap experienced a security breach. Users attempting to access the website encountered a malicious pop-up that instructed them to “Verify Wallet.” This pop-up was a phishing scam designed to steal users’ seed phrases, which are critical for accessing their cryptocurrency wallets. The incident was first reported by Decentra, a decentralized crypto platform, which posted about the hack on X, a social media platform.
Vladimir S., a threat researcher and author, confirmed the hack via X, sharing a screenshot of the pop-up. The pop-up asked users to connect their wallets and then requested ERC20 approvals, a common tactic in phishing scams to steal private keys or personal data. Users were advised not to approve any requests and, if they had accidentally approved one, to use tools like RevokeCash.
Phantom, a popular cryptocurrency wallet, also flagged the CoinMarketCap website as malicious and unsafe to use. The wallet’s Chrome extension blocked access to the website, warning users that it was part of a community-maintained database of known phishing websites and scams. Phantom allowed users to ignore the message and proceed, but advised caution until the issue was resolved.
On June 21, 2025, CoinMarketCap issued an official statement via X, acknowledging the security breach. The company’s security team identified a vulnerability related to a doodle image on the homepage, which contained a link that triggered malicious code through an API call. This resulted in an unexpected pop-up for some users. CoinMarketCap confirmed that all systems were now fully operational and that the platform was safe and secure to use.
Grok, an AI chatbot, provided additional details about the incident. According to Grok, the malicious pop-up was caused by a compromised backend API serving manipulated JSON payloads, injecting malicious JavaScript via CMC’s “doodles” feature. Within hours of the incident, CoinMarketCap acknowledged the issue and warned users not to connect their wallets. By June 21, the company had removed the malicious code and implemented security measures. The investigation into the incident is ongoing.
Phantom and MetaMask, two popular cryptocurrency wallets, flagged CoinMarketCap as unsafe following the incident. The warning message from Phantom may be a residual flag from June 20, and users are advised to avoid using CoinMarketCap until the warning is lifted. Alternatively, users can confirm the site’s safety via other security tools like VirusTotal or use alternative platforms like CoinGecko.
CoinMarketCap assured its users that the platform is now safe to use and secure for everyone. The company is actively monitoring feedback and the support team is standing by to ensure all inquiries are promptly addressed. However, users are reminded to remain cautious online and never give their seed phrase to anyone, no matter which platform asks for it. The crypto ecosystem is risky, and vigilance is key to protecting one’s assets.
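
The statements above attribute the pop-up to a doodle payload whose link pulled in code through an API call. As an added example (not CoinMarketCap's code; the field names, host names and sample payloads are assumptions constructed for illustration), a client can treat such a JSON payload strictly as data and reject anything outside a fixed schema and host allowlist before rendering it:

```javascript
// Assumed allowlist of hosts the site itself controls (hypothetical names).
const TRUSTED_HOSTS = new Set(["static.example-tracker.test", "www.example-tracker.test"]);
// Assumed doodle schema: only these keys may appear in the payload.
const ALLOWED_KEYS = new Set(["id", "alt", "image", "link"]);
const IMAGE_EXT = /\.(png|jpe?g|webp|gif)$/i;

// Returns the reasons to reject a doodle payload; an empty list means it may be
// rendered (as an <img> inside an <a>, set via DOM properties, never as markup).
function validateDoodle(payload) {
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return ["payload is not a JSON object"];
  }
  const problems = [];
  for (const key of Object.keys(payload)) {
    if (!ALLOWED_KEYS.has(key)) problems.push(`unexpected field: ${key}`);
  }
  for (const field of ["image", "link"]) {
    const value = payload[field];
    if (typeof value !== "string") {
      problems.push(`${field} missing or not a string`);
      continue;
    }
    let url;
    try {
      url = new URL(value); // relative or malformed values throw here
    } catch {
      problems.push(`${field} is not an absolute URL`);
      continue;
    }
    if (url.protocol !== "https:") {
      problems.push(`${field} scheme ${url.protocol} not allowed`);
    } else if (!TRUSTED_HOSTS.has(url.hostname)) {
      problems.push(`${field} host ${url.hostname} not allowlisted`);
    }
    if (field === "image" && !IMAGE_EXT.test(url.pathname)) {
      problems.push("image is not a static image type");
    }
  }
  return problems;
}

// Constructed sample payloads: one as intended, one altered upstream.
const cleanDoodle = { id: "d-1", alt: "Summer doodle",
  image: "https://static.example-tracker.test/doodles/summer.png",
  link: "https://www.example-tracker.test/doodles/summer" };
const tamperedDoodle = { id: "d-2", alt: "Summer doodle",
  image: "https://static.example-tracker.test/doodles/summer.json",
  link: "https://unknown-cdn.invalid/verify", script: "init" };
console.log(validateDoodle(cleanDoodle), validateDoodle(tamperedDoodle));
```

A check like this only limits what a tampered API response can reach; it does not replace fixing the backend that served the payload.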
