CoinMarketCap has taken down a fake popup that was prompting users to “verify” their crypto wallets, a prompt many quickly flagged as a phishing attempt, as reported by Cointelegraph. The alert appeared on the site on Friday and was removed within a few hours, the company said in a post on X.
“We’ve identified and removed the malicious code from our site,” the post read. The team added that it’s still investigating the incident and plans to improve its security.
The popup led to a wave of warnings across social media, with crypto users urging others not to click on anything suspicious. Many described the message as a classic wallet phishing trick—an attempt to get users to share private keys or approve actions that drain their funds.
Phishing scams are getting harder to spot
These kinds of scams often show up as urgent prompts—giveaways, airdrops, or wallet verification requests—designed to look like they’re from known crypto brands or influencers. Scammers either hijack verified accounts or create convincing fakes. Then, they post links that lead users to fake login pages or smart contract approval windows.
One user on X flagged a fake $SONIC airdrop on May 29 and warned others not to interact with the link. Posts like these tend to look real, especially when they come from familiar names or use near-identical URLs. A single click or approval can hand control of a wallet over to the attacker.
Another crypto user, Auri, said the CoinMarketCap popup asked people to connect their wallet, then prompted approvals for ERC-20 tokens. That’s often how scammers gain access to user funds without needing a password or seed phrase.
Wallet extensions respond quickly
Users reported that MetaMask and Phantom—two popular digital wallets—had already flagged the CoinMarketCap site as unsafe during the incident. Phantom browser extensions began showing a warning that the site was not secure.
At the time of writing, CoinMarketCap hasn’t provided further technical details about how the code was injected or whether user data was affected. It’s also not clear how many users interacted with the popup before it was removed.
The situation raised concerns partly because this isn’t the first security issue for CoinMarketCap. In 2021, the platform was breached, and more than 3.1 million email addresses were leaked. That data was later found circulating on hacking forums, as confirmed by Have I Been Pwned.
Why crypto users remain high-risk targets
Phishing continues to be a major threat in crypto. Blockchain transactions are fast and final. Once assets are moved, there’s no way to recover them. Many people also use hot wallets—browser-connected wallets that are easier to use but also more exposed to scams.
The rise of NFTs and DeFi projects has added new entry points for attackers. Approving a malicious smart contract—sometimes disguised as a normal transaction—is all it takes for a wallet to be emptied. And because these attacks often mimic official websites and messages, even experienced users can fall for them.
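The approval requests described above, both the ERC-20 approvals reported in the popup and malicious contract approvals in general, can be recognized from a transaction's calldata before it is signed. The following is an added example, not code from the article, CoinMarketCap or any wallet vendor; the function name, the "unlimited" threshold and the sample values are assumptions made for illustration.

```javascript
// Added example: classify wallet-approval calldata before a user signs it.
// Selectors are the standard 4-byte IDs of these ERC-20 / ERC-721 functions.
const SELECTORS = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "39509351": "increaseAllowance",  // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
};
// Assumption: allowances of 2^255 or more are treated as "unlimited".
const UNLIMITED_THRESHOLD = 1n << 255n;

function inspectCalldata(data, trustedSpenders = new Set()) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) return { kind: "invalid" };
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other" };
  // Each argument is ABI-encoded as one 32-byte word (64 hex characters).
  if (hex.length < 8 + 128) return { kind, risk: "malformed" };
  const spender = "0x" + hex.slice(8 + 24, 8 + 64); // low 20 bytes of word 0
  const value = BigInt("0x" + hex.slice(72, 136));  // amount, or bool flag
  let risk;
  if (kind === "setApprovalForAll") {
    risk = value === 0n ? "revoke" : "unlimited";   // operator over every NFT
  } else if (kind === "approve" && value === 0n) {
    risk = "revoke";
  } else {
    risk = value >= UNLIMITED_THRESHOLD ? "unlimited" : "limited";
  }
  return { kind, spender, value, risk, trusted: trustedSpenders.has(spender) };
}

// Constructed sample inputs (not taken from the incident).
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SAMPLE_UNLIMITED = "0x095ea7b3" + word(SAMPLE_SPENDER) + "f".repeat(64);
const SAMPLE_LIMITED = "0x095ea7b3" + word(SAMPLE_SPENDER) + word("3e8");
const SAMPLE_NFT_ALL = "0xa22cb465" + word(SAMPLE_SPENDER) + word("1");

for (const tx of [SAMPLE_UNLIMITED, SAMPLE_LIMITED, SAMPLE_NFT_ALL]) {
  const r = inspectCalldata(tx);
  console.log(`${r.kind} -> spender ${r.spender}, risk ${r.risk}`);
}
```

An "unlimited" result for a spender that is not in the trusted set is the case to block or escalate, since it lets that address move the token without any further signature.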
CoinMarketCap has reminded users not to connect their wallets unless they’re sure a site or popup is legit. For now, the company says its security team is still reviewing the issue.
(Photo by Mika Baumeister)