CoinTelegraph Hacked then Show Fake Airdrop Information, Beware

2025-06-23

On June 23, 2025, blockchain security firm Scam Sniffer sounded the alarm: the front end of CoinTelegraph—one of crypto’s largest news outlets—had been compromised. Users visiting the site were greeted with an inescapable pop‑up promising an exclusive “airdrop.” The message urged immediate wallet connection, but it was pure fraud.

Within hours, screenshots and warnings spread across social media, yet many visitors had already interacted with the malicious prompt. Below is a detailed look at how the attack unfolded, why it matters, and how you can keep your funds safe.

The Anatomy of the Attack

The breach appears to have targeted CoinTelegraph’s content delivery layer rather than its core servers. By injecting a script into the site’s front end, attackers forced every page load to deliver the same pop‑up. Because the message mimicked CoinTelegraph’s brand voice and design, unsuspecting readers found it credible. Once a user clicked “Claim Airdrop,” the script attempted to trigger wallet permissions that could drain assets across multiple chains.

Immediate User Impact

Traffic logs suggest thousands of visits before the warning went viral. Early victims reported unauthorized token transfers and NFT listings executed via blind signature approvals. Although the exact sum siphoned remains undisclosed, security analysts caution that funds could still be at risk if malicious contracts linger in connected wallets.

CoinTelegraph’s Response

Minutes after Scam Sniffer’s alert, CoinTelegraph acknowledged the incident on its official X account, advising readers not to interact with any pop‑ups and promising a full forensic review. The team temporarily disabled certain site functions and urged users to clear browser caches and revoke suspicious wallet approvals using tools like Revoke.cash.

Wider Security Implications

Front‑end compromises have become a favored attack vector in 2025, exploiting trust in familiar domains. Even reputable outlets can be weaponized when third‑party scripts or outdated CMS plugins are left unpatched. The CoinTelegraph incident underscores the necessity of zero‑trust browsing habits, hardware wallet usage, and vigilant permission management.

Staying Safe After the Breach

If you visited CoinTelegraph during the breach window, immediately review your wallet’s transaction history and connected dApp permissions. Revoke any unfamiliar approvals and transfer remaining assets to a secure address. Going forward, treat unexpected airdrop offers with skepticism—especially those delivered via intrusive pop‑ups.

Conclusion

CoinTelegraph’s hack serves as a stark reminder that no site is immune to exploitation. Phishing campaigns now leverage trusted brands to lower defenses. By practicing strict wallet hygiene and staying informed through credible security channels, you can sidestep the traps laid by increasingly sophisticated attackers.

FAQs

1. What should I do if I clicked on the fake airdrop?

Immediately revoke permissions using tools like Revoke.cash, move funds to a new wallet, and run a malware scan on your browser/device.

2. Was any user data stolen in the CoinTelegraph hack?

As of now, there’s no official report of user data theft, but asset access was attempted through wallet permissions.

3. How can I spot fake airdrops in the future?

Avoid pop-ups asking for wallet connections, double-check URLs, and confirm promotions via a project’s verified social channels.

4. Is CoinTelegraph safe to use again?

CoinTelegraph has taken steps to secure the platform, but users should always remain cautious and avoid signing any transactions without verification.