CoinMarketCap Removes Malicious Wallet Popup Enhances Security

CoinMarketCap Removes Malicious Wallet Scam, Warns of Phishing Risks

CoinMarketCap, a top site for crypto price tracking, recently reported that an exploitative popup on its website led users to link their wallets. The deceptive alert requested that the site's visitors "Verify Wallet," something that numerous users promptly marked as a phishing scam.

The CoinMarketCap staff made their way to their official X (formerly Twitter) page to alert users: "Do NOT connect your wallet." They later came back with a fresh announcement indicating that they had "identified and removed the malicious code". Nonetheless, the team indicated that they still have an ongoing investigation and are working to fortify their website's security.

Source: CoinMarketCap X Handle

What Really Happened?

The false popup resembled a normal verification message to crypto users and security observers of their accounts. Upon clicking, it would request people to link their wallet and grant permission to access ERC-20 tokens, a perilous action that would open doors to hackers stealing crypto assets.

A user by the name Auri on X said that it had been created to deceive individuals into providing account access approvals. Another user, said that widely used crypto wallet extensions MetaMask and Phantom detected the issue immediately, advising all against interacting with the page. The front end of CoinMarketCap was compromised, displaying a malicious pop-up prompting users to "verify wallet." 

CoinMarketCap's prompt action prevented the situation from escalating. The malicious software was removed within three hours after the identification. It depicts their active response. Nevertheless, the warning signs are evident: crypto phishing scams are increasing, and users need to be vigilant.

Looking Back: CoinMarketCap’s 2021 Data Leak

This is not the first security issue CoinMarketCap has encountered. In October 2021, the site was hacked, and more than 3.1 million email addresses became available online. The hack was made public after the information appeared on hacker forums and was confirmed by Have I Been Pwned, a website that monitors data breaches.

The latest scam is a sobering reminder that even reputable websites are not safe from targeting. And since phishing attacks are on the rise, one should always double-check before clicking wallet links or popups.

Bigger Trouble in the Background

CoinMarketCap's problem occurs when internet security is being dealt a gigantic blow. A recently discovered breach has dumped more than 16 billion login credentials from websites such as Google, Apple, GitHub, and even Telegram.

Cybernews researchers indicate that the leak consists of 30 unique data sets that were located on open cloud servers and Elasticsearch databases. It's referred to as one of the largest leaks in history, and experts consider people using crypto particularly vulnerable since hackers frequently use leaked credentials to gain entry into wallets and exchanges. 

What Can Users Do?

Currently, users are encouraged to:

• Avoid clicking on any pop ups asking for wallet verification.

• Do not approve token permissions unless absolutely sure of the source.

• Use trusted browser extensions like MetaMask or Phantom which can identify susceptible websites.

• Change passwords regularly and enable (2FA) two-factor authentication wherever possible.

Final Thoughts

Such malicious activities are used to steal the details by the hackers. The stolen data or crypto is then used for laundering, DEX and cross-chain bridges, using unregulated platforms for trading, and selling stolen data. It results in monetary loss of the people and loss of trust and confidence. 

Crypto is an evolving space, but it comes with its own risks. Stay cautious, stay informed and never connect your wallet without verifying it properly.