In a swift and concerning attack, popular cryptocurrency tracking website CoinMarketCap was briefly compromised on Friday, leading to a sophisticated phishing scam that drained an estimated $45,000 worth of crypto assets from over 110 users. The attackers leveraged a vulnerability in the platform’s animated logo to inject malicious code, displaying a fake Web3 wallet connection pop-up designed to steal funds.
The incident, which reportedly lasted only a few hours, saw users encountering an unauthorized “Verify Wallet” prompt upon visiting the CoinMarketCap homepage. This pop-up was not legitimate but rather a highly specialized “crypto-drainer” phishing kit. Unsuspecting users who attempted to connect their crypto wallets to this fraudulent interface inadvertently granted the attackers access, and the attackers then swiftly siphoned off their digital assets.
According to threat intelligence analyst ReyXBF, the individual behind the attack is a French-speaking actor known as “Zartix” and “Spadle.” These individuals are believed to be associated with “The Com,” an underground community also linked to the notorious Scattered Spider group.
Further analysis by security firm C/side indicates that the malicious code utilized in the attack is connected to “Inferno Drainer,” a widely recognized crypto-draining phishing service that, despite claiming to have shut down in late 2023, has continued to operate.
This incident highlights the persistent and evolving threat of Web3 phishing attacks. Cybercriminals are increasingly exploiting vulnerabilities in front-end interfaces of legitimate platforms to serve deceptive content, aiming to trick users into approving malicious transactions. The attack on CoinMarketCap serves as a stark reminder for cryptocurrency users to remain vigilant.
Users are strongly advised to always double-check URLs, avoid clicking on suspicious pop-ups, and verify the legitimacy of any wallet connection requests, even on seemingly trusted websites. Enabling two-factor authentication (2FA) and using hardware wallets for storing significant crypto assets are crucial preventative measures against such sophisticated attacks.
CoinMarketCap has not yet released an official statement regarding the number of affected users or the total amount of funds drained, but the incident underscores the continuous need for robust cybersecurity practices within the rapidly expanding Web3 ecosystem.