CoinMarketCap was attacked by JavaScript malware.

CoinMarketCap, a market data platform for the crypto market with over 340 million monthly visits, faced a data breach incident early today. This violation involves injecting malicious JavaScript code into the rotating "Doodles" feature of the website, prompting users to "verify their wallet," a popup intended to steal their funds. According to an on-chain analyst with the pseudonym okHOTSHOT on X, malware is being spread through manipulated JSON files provided via CoinMarketCap's backend API. The data is used to upload the animated "doodle" to the homepage. When a doodle titled "CoinmarketCLAP" is uploaded, it silently executes JavaScript to redirect users to a wallet withdrawal interface called "Impersonator", a scam interface to trick them into authorizing token transfers. The attack is not always clear to all users as the website rotates random drawings for each visit. However, accessing the endpoint /doodles/ has been reported to trigger the wallet withdrawal process every time. Blockchain investigators have identified a known malicious address that is receiving token approvals: 0x000025b5ab50f8d9f987feb52eee7479e34a0000. Security experts believe that the attack may have exploited a vulnerability in the animation tool used to display doodles, possibly Lottie or a similar tool, allowing arbitrary JavaScript execution through JSON configuration. According to analysts at Coinspect, the attacker appears to have gained access to the backend and set a deadline for the vulnerability, which may have been planned in advance. CoinMarketCap has made a public statement regarding the breach through their official X account, stating: "We have identified and removed malware from our website. Our team is continuing to investigate and taking steps to enhance security." The company further stated that the affected pop-up window has been removed and the system has been fully restored. Although the attack only targeted the front-end interface, security experts are urging investors to be cautious when accessing their wallets. CoinMarketCap is a platform that many traders and crypto investors access every minute. "The scale of this scam can be very large, appearing completely legitimate, with no clear warning signs," a trader calculated on social media. "You are just accessing a website that you check daily. Be careful out there." Experts also believe that users who connected their wallets or approved transactions during the breach may have been compromised. As a precaution, those who fell victim to the malicious trap are advised to revoke any recent token approvals and avoid interacting with similar pop-ups on crypto-related platforms. According to a report by Cryptopolitan on Thursday, one of the largest known data breaches in internet history also occurred this week. More than 16 billion usernames and passwords are said to have been leaked. BitoPro confirms the theft of 11 million dollars in cryptocurrency by Lazarus Group In another related news, the Taiwanese cryptocurrency exchange BitoPro has confirmed a breach that resulted in the theft of approximately 11 million dollars in digital assets. The company has linked the attack to the state-sponsored hacking group from North Korea known as Lazarus. According to theme X published on June 19, this theme has cited similarities with previous incidents related to illegal international money transfers and unauthorized access to crypto market platforms. The violation occurred on May 8, 2025, during the update of the regular hot wallet system. The attacker exploited the employee's device to bypass multi-factor authentication by using a stolen AWS session token. Malware was implanted through a social engineering attack that allowed the hacker to execute commands, inject scripts into the wallet system, and simulate legitimate activity while withdrawing funds. Assets have been transferred across multiple blockchains, including Ethereum, Solana, Polygon, and Tron, and have been washed through decentralized exchanges and mixers such as Tornado Cash, Wasabi Wallet, and ThorChain.