Initially, users and community members reported the incident on social media. A user named “Jet” issued a warning on X. Soon after, MetaMask and Phantom wallets flagged CoinMarketCap as dangerous. Additionally, Phantom announced that “coinmarket.com was blocked.” 

Security firm Coinspect Security stated that the attack occurred through CoinMarketCap’s backend API. Malicious JavaScript codes were injected into the system via the platform’s ‘doodles’ feature. This technique could lead to wallets being drained without users’ knowledge. The pop-up requested ERC-20 token approvals, aiming to scam users. 

Rising Crypto Attacks Draw Attention 

This incident brings other recent crypto attacks back into focus. In recent weeks, Iran-based exchange Nobitex was targeted by Israeli hackers, causing over $100 million in damages. Around the same time, global giant Coinbase also faced a similar attack. 

CoinMarketCap had previously been hacked in October 2021, when around 3.1 million users‘ email addresses were stolen. In this recent incident, a phishing attack aimed to gain access to users’ private keys. The crypto community once again emphasized the importance of being cautious about prompts asking for wallet connections. 

CoinMarketCap announced that it has started working on improving security following the attack. Users must also act responsibly against such fake redirects. Avoiding untrusted links and regularly reviewing wallet access permissions are of vital importance. 

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post CoinMarketCap Removed Malicious Code Threatening Crypto Wallets  appeared first on Coin Engineer.