Crypto news outlet Cointelegraph confirmed that its website was compromised through a front-end exploit, which injected a malicious pop-up presenting a fake airdrop offering "CoinTelegraph ICO Airdrops" and "CTG tokens".
The fraudulent banner urged visitors to connect their crypto wallets in exchange for an alleged $5,500 worth of tokens, invoking a bogus CertiK audit and the notion of a "fair launch" to appear legitimate. Cointelegraph promptly warned its audience against interacting with these pop-ups or entering personal information, and stated it was actively working on a fix.
This phishing scam exploits the trust users place in reputed platforms, similar to an incident two days prior when CoinMarketCap suffered an analogous attack that embedded wallet-phishing prompts. Both attacks leveraged hijacked trusted crypto data and news sites to bypass skepticism and target users' browser wallets holding Ethereum (ETH), Bitcoin (BTC), and various altcoins.
Despite the severity of the attack vector, no confirmed immediate financial losses have been reported, though users are urged heightened vigilance to avoid falling victim to wallet draining.
The incident highlights growing threats of social engineering and phishing scams in the crypto ecosystem, which reportedly caused over $1 billion in losses across nearly 300 incidents during 2024. Cointelegraph’s breach accentuates the need for continuous security improvements and user caution amid the ongoing rise of such exploit techniques.