Hackers exploited a vulnerability in CoinMarketCap’s front-end system, using a seemingly harmless doodle image to inject malicious code that triggered fake wallet verification pop-ups across the site.

The breach, confirmed by CoinMarketCap, used its backend API to deliver a manipulated JSON payload that embedded JavaScript into the homepage according to blockchain security firm Coinspect Security.

The script caused an unauthorized prompt instructing users to “Verify Wallet,” a phishing tactic aimed at tricking visitors into handing over access to their crypto holdings.

The blockchain security firm traced the attack to the platform’s rotating “doodles” feature, which allowed attackers to embed the malicious code without altering the site’s core infrastructure.

The pop-up was live for a short period before being removed by CoinMarketCap’s team.

“Upon discovery, we acted immediately to remove the problematic content,” CoinMarketCap said in a statement posted to social media. “Comprehensive measures have been implemented to isolate and mitigate the issue.”

CoinMarketCap has not disclosed how many users encountered the pop-up or whether any wallets were compromised.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。