The violation, confirmed by Cointelegraph, allowed the attacker to insert a fraudulent pop-up window on the homepage, advertising a fake "CoinTelegraph ICO Airdrop" and promoting fake CTG tokens. Users were promised a reward of $5,500 in exchange for connecting their wallets — a tactic designed to collect sensitive wallet data and potentially withdraw funds.
To enhance the credibility of the scheme, the attackers referenced a non-existent audit purportedly conducted by the blockchain security firm CertiK. This trick is very similar to a recent scam targeting users on CoinMarketCap with similar wallet connection prompts.
Cointelegraph has urged all visitors not to click on pop-ups, not to link their cryptocurrency wallets, and not to share personal information on the site while the issue is being resolved.
The company is currently investigating the breach and has not yet disclosed how long the malware has been active or whether any users have suffered financial losses.
The content is for reference only, not a solicitation or offer. No investment, tax, or legal advice provided. See Disclaimer for more risks disclosure.
The Cointelegraph website was hacked to promote a fake Airdrop Token.
The violation, confirmed by Cointelegraph, allowed the attacker to insert a fraudulent pop-up window on the homepage, advertising a fake "CoinTelegraph ICO Airdrop" and promoting fake CTG tokens. Users were promised a reward of $5,500 in exchange for connecting their wallets — a tactic designed to collect sensitive wallet data and potentially withdraw funds.
To enhance the credibility of the scheme, the attackers referenced a non-existent audit purportedly conducted by the blockchain security firm CertiK. This trick is very similar to a recent scam targeting users on CoinMarketCap with similar wallet connection prompts. Cointelegraph has urged all visitors not to click on pop-ups, not to link their cryptocurrency wallets, and not to share personal information on the site while the issue is being resolved. The company is currently investigating the breach and has not yet disclosed how long the malware has been active or whether any users have suffered financial losses.