Cointelegraph Hacked in Phishing Attack Targeting Users

Cointelegraph, a prominent cryptocurrency news outlet, was compromised in a sophisticated website hack on June 23, 2025. Attackers injected malicious pop-ups onto the site, falsely claiming that users were eligible for a $275,000 airdrop of "CTG" tokens. This incident is part of a growing trend where high-profile crypto media sites are being used to target their own audiences with phishing attacks. Just days prior, CoinMarketCap had suffered a similar compromise, resulting in user wallets being drained through fake pop-ups.
The malicious pop-up on Cointelegraph's site claimed that users could receive 50,000 "CTG" tokens, purportedly from a non-existent Cointelegraph ICO. The scam presented an enticing value proposition, with the fake tokens allegedly worth approximately $5,490 each, totaling $274,500 for the promised airdrop amount. The fraudulent interface prompted users to connect their cryptocurrency wallets and provide personal information to claim the non-existent tokens. Connecting a wallet to such a malicious interface typically results in the wallet being completely drained, because the attackers gain the ability to approve transactions that transfer all assets to their control.
Blockchain security firm Scam Sniffer quickly identified the threat, warning that Cointelegraph's frontend had been compromised and flagging the site for potential phishing attacks. According to Scam Sniffer's analysis, the malicious JavaScript code originated from Cointelegraph's own advertising system, suggesting that attackers may have infiltrated the site's ad network infrastructure. Scam Sniffer announced on social media that they had blocked the threat at approximately 22:41:51 UTC on June 22, 2025.
The security breach appears to have exploited Cointelegraph's advertising delivery system, with malicious scripts injected through compromised ad server files. This attack vector has become increasingly common because it lets cybercriminals reach large audiences through trusted websites without directly compromising the main site infrastructure. The files associated with the malicious JavaScript were identified as https://adbutlerserve[.]com/assets/inject.js and https://adbutlerserve[.]com/assets/90435885-4428-4fc3-ade0-378d793ea392.js.
The fake CTG token does not exist on any legitimate cryptocurrency exchanges, and Cointelegraph has never announced plans for an ICO or token launch. These are clear red flags that seasoned crypto users should recognize. At the time of writing, Cointelegraph's official Twitter account confirmed that the pop-up was a scam and warned readers not to click on the pop-up, not to connect their crypto wallet, and not to enter any personal information.
The cryptocurrency community continues to face evolving threats as cybercriminals exploit the trust users place in established media outlets and trading platforms. This incident underscores the importance of vigilance and the need for robust security measures to protect against such attacks. Users are advised to be cautious and verify the authenticity of any airdrop or token offer before taking any action.
