Cointelegraph Users Targeted in $5,490 Crypto Scam via Ad System

Coin WorldMonday, Jun 23, 2025 2:15 am ET
1min read

Cointelegraph, a prominent cryptocurrency news platform, recently fell victim to a cyberattack that mirrored a similar incident experienced by CoinMarketCap. The attack involved a deceptive pop-up message that appeared on the Cointelegraph website, claiming that users had been randomly selected to receive 50,000 “CTG” tokens, valued at over $5,000. The pop-up was designed to mimic legitimate airdrop campaigns, complete with a countdown timer and prompts to connect crypto wallets. However, the entire experience was a fabrication by attackers aiming to drain users' funds.

Scam Sniffer, a blockchain security firm, identified the breach and issued a public alert, warning users about the compromised frontend of Cointelegraph. The malicious JavaScript code was traced back to the site’s advertising system, rather than its core infrastructure. This technique, where attackers exploit vulnerabilities in third-party systems, has become increasingly common. The scam interface presented a fake reward worth $5,490 and labeled the transaction process as “secure,” “instant,” and “verified.” Once users clicked to connect their wallet, the script could initiate approvals and transfers without the user’s informed consent.

These types of attacks are particularly dangerous because they appear on well-known, trusted websites, leading users to assume that such platforms have adequate security measures. This makes ad-based exploits far more effective than phishing links sent through email or social media. The CTG token mentioned in the scam does not exist on any legitimate exchange or blockchain, which should serve as a red flag for users. However, newer entrants to the crypto space may be unaware of what to look for in a legitimate token offering.

Similar breaches have been reported across the crypto space, with CoinMarketCap experiencing a comparable incident this month. In that case, attackers embedded a wallet-draining link into a front-facing promo box on the site, with the compromise stemming from third-party code. As more crypto companies depend on external ad services, their surfaces for attack increase dramatically. Even if a platform is secure at the application level, malicious scripts delivered through external partners can easily bypass protections. This growing trend has prompted calls for stricter auditing of third-party integrations and more robust sandboxing of external content.

Comments



Add a public comment...
No comments

No comments yet

Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.