David Edwards
According to an announcement on its X account, CoinMarketCap, the top cryptocurrency price-tracking platform, has quickly fixed and removed a fraudulent popup that asked users to “verify wallet” on its official website.
“We’ve identified and removed the malicious code from our site,” the company said on Friday. It also stated that an internal investigation is in progress and that more security measures are being put in place to strengthen user safety.
Only three hours had passed since CoinMarketCap first confirmed reports of the dubious message, which numerous cryptocurrency aficionados had identified on social media as a phishing scheme intended to steal private keys or personal data. According to one user, the popup “asks to connect wallet and then asks for approvals to ERC‑20 tokens.”
CoinMarketCap reaffirmed its caution: consumers should not approve any tokens or connect their wallets. According to reports, wallet providers Phantom and MetaMask warned users that the website was dangerous; Phantom browser extensions even prevented access to the website until the threat was eliminated.
This is CoinMarketCap’s second significant security compromise. The breach-monitoring service Have I Been Pwned discovered that over 3.1 million user email addresses were compromised in an October 2021 intrusion. These addresses then surfaced on hacker forums.
