CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup

CoinMarketCap was hacked on Friday after a malicious popup appeared on its website, urging users to “verify” their wallets.

The phishing-style notification asked users to connect their wallets and approve ERC-20 token access, raising immediate red flags across the crypto community.

Wallet providers like MetaMask and Phantom quickly flagged the site as unsafe, with Phantom displaying a browser warning against using the platform.

CoinMarketCap Removes Malicious Popup

In a Friday post on X, CoinMarketCap confirmed the removal of the malicious popup. “We’ve identified and removed the malicious code from our site,” the platform said.

The company added that it is continuing to investigate the breach and is reinforcing its security measures to prevent similar incidents.

Update: We've identified and removed the malicious code from our site.

Our team is continuing to investigate and taking steps to strengthen our security.

— CoinMarketCap (@CoinMarketCap) June 21, 2025

The malicious prompt, which triggered warnings from wallet providers like MetaMask and Phantom, reportedly asked users to connect their wallets and approve access to ERC-20 tokens.

Phantom’s browser extension even flagged CoinMarketCap as “unsafe to use,” raising concerns about the platform’s vulnerability.

Reports of the phishing attempt began circulating across crypto social media, with several users alerting others not to interact with the prompt.

Many suspected the attack was an attempt to steal wallet credentials through a fake interface mimicking a legitimate verification process.

The incident has reignited concerns about CoinMarketCap’s security, coming nearly four years after a 2021 data breach exposed the email addresses of over 3.1 million users.

That data was later discovered for sale on hacking forums, prompting criticism over the platform’s safeguards.

🚨 SECURITY ALERT 🚨
We're seeing reports that @CoinMarketCap's front end has been compromised and is trying to trick people into linking their wallets, presumably to drain them. pic.twitter.com/a0JREDSPvS

— Jameson Lopp (@lopp) June 20, 2025

CoinMarketCap, owned by Binance, remains one of the most widely used resources in the crypto space, making it a prime target for malicious actors looking to exploit its credibility.

Users are urged to avoid connecting wallets to unsolicited prompts and to verify all interactions through official channels.

The company has not disclosed the source of the breach but has committed to ongoing security reviews.

Crypto Crime Turns Violent as Illicit Transactions Top $40B in 2024

Illicit cryptocurrency activity surged to at least $40.9 billion in 2024, according to Chainalysis, with the number likely to grow as more criminal-linked wallets are identified.

Hacks alone accounted for $2.2 billion in stolen assets, a 21% increase from the previous year.

North Korean-linked groups, including Lazarus and Tradetraitor, were behind over 60% of those thefts, with major incidents like the $300 million hack of Japan’s DMM Bitcoin exchange among their hits.

But the threats go beyond online exploits. Criminal groups are using crypto to fund and conceal a wider range of crimes—from investment scams and AI-enhanced romance frauds to drug trafficking and even physical violence.

In one alarming case on May 13, 2025, the daughter and grandson of Paymium’s CEO were nearly kidnapped in Paris by masked men.