CoinMarketCap suffered a front-end breach involving malicious JavaScript
The post CoinMarketCap suffered a front-end breach involving malicious JavaScript appeared on BitcoinEthereumNews.com. CoinMarketCap, the cryptocurrency market data platform with over 340 million monthly visits, faced a front-end compromise earlier today. The breach involved the injection of malicious JavaScript code into the site’s rotating “Doodles” feature, asking users to “verify wallet,” a pop-up meant to steal their funds. According to an on-chain analyst going by the pseudonym okHOTSHOT on X, the malicious code was delivered through manipulated JSON files served via CoinMarketCap’s own backend API. The data was used to load animated “doodles” on the front page. When one doodle titled “CoinmarketCLAP,” was loaded, it silently executed JavaScript that redirected users to a wallet drainer dubbed “Impersonator,” a deceptive interface to trick them into authorizing token transfers. The attack was not immediately apparent to all users because the site rotated doodles randomly per visit. Yet, visiting the /doodles/ endpoint reportedly triggered the wallet drainer on every occasion. Blockchain investigators identified a known malicious address receiving token approvals: 0x000025b5ab50f8d9f987feb52eee7479e34a0000.
The post CoinMarketCap suffered a front-end breach involving malicious JavaScript appeared on BitcoinEthereumNews.com.
CoinMarketCap, the cryptocurrency market data platform with over 340 million monthly visits, faced a front-end compromise earlier today. The breach involved the injection of malicious JavaScript code into the site’s rotating “Doodles” feature, asking users to “verify wallet,” a pop-up meant to steal their funds. According to an on-chain analyst going by the pseudonym okHOTSHOT on X, the malicious code was delivered through manipulated JSON files served via CoinMarketCap’s own backend API. The data was used to load animated “doodles” on the front page. When one doodle titled “CoinmarketCLAP,” was loaded, it silently executed JavaScript that redirected users to a wallet drainer dubbed “Impersonator,” a deceptive interface to trick them into authorizing token transfers. The attack was not immediately apparent to all users because the site rotated doodles randomly per visit. Yet, visiting the /doodles/ endpoint reportedly triggered the wallet drainer on every occasion. Blockchain investigators identified a known malicious address receiving token approvals: 0x000025b5ab50f8d9f987feb52eee7479e34a0000.
What's Your Reaction?
