Date: 2025-06-23

A fresh wave of phishing attacks has engulfed the crypto community this weekend, with scammers deploying both broad-brush and precision tactics.

Popular websites CoinMarketCap and Cointelegraph were compromised to serve wallet drainers via malicious pop-ups, while Trezor’s contact form was hacked to send out spoofed emails.

Don’t check the charts

CoinMarketCap, one of the best-known sites for checking crypto prices and other token metrics, alerted users to a fake wallet verification pop-up close to midnight on Friday.

🚨 Security Alert

We’re aware that a malicious pop-up prompting users to "Verify Wallet" has appeared on our site.

⚠️ Do NOT connect your wallet.

Our team is actively investigating and working to resolve the issue. — CoinMarketCap (@CoinMarketCap) June 20, 2025

Two and a half hours later, an update informed users that it had “identified and removed the malicious code.” Security firm Coinspect identified the vulnerability as a JavaScript injection via the animation file format “Lottie.”

CoinMarketCap followed up earlier today, stating that “76 accounts were affected, with losses amounting to $21,624.47” and that all affected users will be fully reimbursed.

Making the news in more ways than one

Popular crypto news outlet Cointelegraph was also compromised, with the malicious pop-up this time promoting a fictitious airdrop as a tempting lure.

🚨 ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site.

DO NOT:
– Click on these pop-ups
– Connect your wallets
– Enter any personal information

We are actively working on a fix. — Cointelegraph (@Cointelegraph) June 23, 2025

Crypto scam watchdog ScamSniffer suggested that the malicious code had been injected via the site’s advertising components. A later update confirmed that the site’s “banner publishing system was briefly compromised.”

Security firm Blockaid identified an address within the drainer’s code, though the portfolio tracker Debank shows no activity.

Phishing attacks disguised as customer service

The attack on hardware wallet provider Trezor was somewhat more sophisticated, allowing the hackers to target specific email addresses with spoofed bait.

Important Update

We have identified a security issue where attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies.

These scam emails appear legitimate but are a phishing attempt.

Remember, NEVER share your wallet backup — it must… — Trezor (@Trezor) June 23, 2025

Following assumptions that Trezor’s email system had been breached, a post to X clarified that the emails came from a compromised auto-reply feature of its contact forms.

Presumably using a leaked email list, scammers used the contact forms to prompt the seemingly legitimate automated response. Trezor has since reassured users that “the issue has been contained. Security is a continuous process. Stay vigilant.”

Such targeted attacks are made possible by leaked customer information, such as the large-scale data breach disclosed by Coinbase last month.

These leaks are a goldmine for crypto scammers, such as the individual exposed earlier today by ZachXBT, allowing them to target high-value marks more efficiently.

1/ An investigation into how the New York based social engineering scammer Daytwo/PawsOnHips (Christian Nieves) stole $4M+ from Coinbase users by impersonating customer support, bought luxury goods, and lost most of the funds gambling at casinos. pic.twitter.com/7PsP8ymPtO — ZachXBT (@zachxbt) June 23, 2025

The wider-net approach used on CoinMarketCap and Cointelegraph shows an escalation in the scale of front-end attacks, which are not uncommon on the websites of decentralized finance (DeFi) platforms.

Scammers now appear to be targeting the generally crypto-curious, via news and market info, rather than a more specific DeFi-active crowd.

Illustrating the ease with which an unsuspecting user could fall for the trap, one developer posted a “POV: you are getting drained” video to X, showing how few steps it takes to lose it all.

