Hackers exploited a vulnerability in CoinMarketCap’s front-end system, utilizing a seemingly innocent doodle picture to inject malicious code that triggered pretend pockets verification pop-ups throughout the location.
The breach, confirmed by CoinMarketCap, used its backend API to ship a manipulated JSON payload that embedded JavaScript into the homepage in accordance with blockchain safety agency Coinspect Safety.
On June 20, 2025, our safety group recognized a vulnerability associated to a doodle picture displayed on our homepage. This doodle picture contained a hyperlink that triggered malicious code by an API name, leading to an surprising pop-up for some customers when visited our homepage.…
— CoinMarketCap (@CoinMarketCap) June 21, 2025
The script prompted an unauthorized immediate instructing customers to “Confirm Pockets,” a phishing tactic aimed toward tricking guests into handing over entry to their crypto holdings.
The blockchain safety agency traced the assault to the platform’s rotating “doodles” function, which allowed attackers to embed the malicious code with out altering the location’s core infrastructure.
The pop-up was stay for a brief interval earlier than being eliminated by CoinMarketCap’s group.
“Upon discovery, we acted instantly to take away the problematic content material,” CoinMarketCap mentioned in a press release posted to social media. “Complete measures have been carried out to isolate and mitigate the problem.”
CoinMarketCap has not disclosed what number of customers encountered the pop-up or whether or not any wallets have been compromised.
