Cointelegraph Phishing Hack: Be Careful Readers!

The cryptocurrency community was shaken recently by a phishing hack targeting Cointelegraph, one of the most popular crypto news platforms. On June 22, 2025, users visiting Cointelegraph’s website were confronted with a fake pop-up promoting a counterfeit “Cointelegraph Token (CTG)” ICO.

This malicious pop-up urged visitors to link their crypto wallets, which resulted in hackers gaining unauthorized access and draining users' funds. The breach exploited Cointelegraph’s advertising system by injecting harmful JavaScript code disguised in banner ads.

Key Takeaways

• Cointelegraph’s website front-end was compromised, exposing users to a phishing scam via a fake CTG token pop-up.
• Users who linked their wallets through the pop-up had their crypto assets stolen.
• The attack involved malicious JavaScript embedded within an advertising banner from a suspicious domain.
• Cointelegraph immediately warned users and launched an investigation to remove the threat.
• A similar attack hit CoinMarketCap days earlier, suggesting a coordinated phishing campaign targeting crypto sites.
• Users are strongly advised to avoid linking wallets to unknown apps and to verify website integrity before any interaction.

Register now on Bitrue — a trusted crypto exchange used by millions worldwide. Bitrue gives you access to hundreds of tokens, low-fee trading pairs, and high-yield staking opportunities. Whether you're buying Bitcoin, trading altcoins, or exploring new DeFi projects, Bitrue makes it easy to get started. Sign up today and start your crypto journey in minutes.

What Happened in the Cointelegraph Hack?

The attack was a sophisticated front-end breach where a malicious JavaScript payload was delivered via Cointelegraph’s ad system. This code generated a fraudulent pop-up asking users to connect their wallets to claim CTG tokens.

Once a user connected their wallet, the hacker gained control, allowing them to transfer out all the funds quickly. This type of wallet phishing scam relies on tricking users into authorizing malicious decentralized applications (dApps).

Similar Incident at CoinMarketCap

Just two days prior, CoinMarketCap faced a nearly identical phishing attack involving a rogue pop-up triggered by a compromised doodle image on their homepage.

The malicious code generated a wallet connection prompt to steal assets, affecting at least 39 users and resulting in losses totaling over $18,000.

Both incidents share similar tactics, pointing towards an organized campaign exploiting trusted crypto websites through third-party advertising vulnerabilities.

How Are Platforms Responding?

Cointelegraph has been proactive, issuing public warnings not to engage with any CTG token pop-ups or ICO claims on their site. They are working to remove the malicious scripts and strengthen ad security.

CoinMarketCap also promised to reimburse victims and enhance their system defenses. Both platforms have reinforced their security to prevent further breaches.

How to Protect Yourself From Phishing Scams

1. Never connect your wallet to suspicious or unknown websites or pop-ups.
2. Always verify URLs and ensure you are on the official site before interacting with wallet prompts.
3. Use hardware wallets for added security and avoid storing large amounts of crypto in hot wallets.
4. Enable two-factor authentication (2FA) wherever possible.
5. Regularly review your wallet transactions and revoke access for unknown dApps via your wallet provider.
6. Stay updated with official news channels and community alerts.

The Bigger Picture: Growing Risks for Crypto Users

These attacks highlight the increasing risks in the crypto space, especially when trusted websites become vectors for phishing.

With growing adoption, scammers are becoming more sophisticated, targeting user trust by hijacking legitimate platforms.

The crypto community must remain vigilant and adopt best practices to protect assets from emerging threats.

Final Thoughts

The Cointelegraph phishing hack serves as a stark reminder that no platform is immune to cyber threats. Users must exercise extreme caution before linking wallets or interacting with pop-ups.

By staying informed, using secure wallet practices, and scrutinizing every transaction, crypto investors can minimize risks.

As platforms work to patch vulnerabilities, the responsibility of security also rests heavily on each user.

Frequently Asked Questions (FAQs)

What is the Cointelegraph phishing hack?

It was a security breach where a fake pop-up appeared on Cointelegraph’s website, tricking users into linking their wallets to a fraudulent CTG token ICO, resulting in stolen funds.

How did hackers steal funds from users?

By convincing users to authorize wallet connections through malicious scripts, hackers gained permission to transfer out users’ crypto assets.

Is this scam related to CoinMarketCap’s recent hack?

Yes, both used similar JavaScript-based exploits embedded in advertising or site images, suggesting a coordinated phishing campaign.

How can I avoid falling victim to similar scams?

Never connect wallets to unknown sites or pop-ups, verify website URLs, use hardware wallets, enable 2FA, and monitor wallet permissions regularly.

Are platforms compensating victims?

CoinMarketCap has committed to reimbursing affected users. Cointelegraph is investigating and removing malicious code but no specific compensation announcements yet.

Where can I find official updates on such hacks?

Follow official social media accounts and websites of Cointelegraph, CoinMarketCap, and trusted crypto security firms for timely updates.