On June 22, CoinMarketCap confirmed that it had been the victim of a supply chain attack. Hackers exploited a vulnerability on the platform’s homepage to launch a fake Web3 pop-up and steal cryptocurrency from users’ wallets. At least 110 people were affected, with total losses of $43,266.
The incident began on the evening of June 20, when visitors to the CoinMarketCap website began seeing suspicious pop-ups purporting to connect to a Web3 wallet. In reality, these pop-ups were part of malicious JavaScript code that automatically withdrew funds from wallets. The company said the vulnerability was related to a “doodle” — an illustration on the homepage that contained a modified JSON file with a malicious script from the static.cdnkit[.]io domain.
A screenshot of the "drainer" control panel that leaked publicly on Telegram showed that the hackers communicate in French and that funds were still being collected in real time. In total, more than $43,000 was stolen, and the campaign, according to experts, was aimed exclusively at Web3 wallets associated with CoinMarketCap users. c/side, the firm that conducted the investigation, emphasized that such attacks are difficult to detect because they use trusted channels. Similar wallet-drainer scripts have already become commonplace: in 2024 they stole almost $500 million from more than 300,000 crypto wallets.
The CoinMarketCap attack demonstrates the critical vulnerability of even market leaders to third-party scripts. Supply chain threats are becoming increasingly dangerous: they are stealthy, exploit platform trust, and operate without traditional phishing. Every site that works with Web3 or API dependencies needs to rethink its approaches to external content and monitoring of active elements.
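One way to monitor externally supplied content of the kind described above, as an added example that is not code from CoinMarketCap or c/side: a pre-render audit that walks a doodle-style JSON file and flags active content or URLs pointing at hosts outside an allowlist. The host names, JSON field names and sample files are constructed assumptions; the page does not describe the real file's structure.

```javascript
// Hosts the operator trusts for doodle assets (hypothetical name).
const ALLOWED_HOSTS = new Set(["assets.site.example"]);

// Markers that have no place in a data-only illustration file.
const ACTIVE_CONTENT = [/<script\b/i, /\bjavascript:/i, /\beval\s*\(/i, /\bimport\s*\(/i];
const URL_RE = /(?:https?:)?\/\/[^\s"'<>)]+/gi;

function inspectString(value, path, findings) {
  for (const re of ACTIVE_CONTENT) {
    if (re.test(value)) findings.push({ path, reason: "active content", value });
  }
  for (const raw of value.match(URL_RE) || []) {
    let host;
    try {
      host = new URL(raw.startsWith("//") ? "https:" + raw : raw).hostname;
    } catch {
      findings.push({ path, reason: "unparseable URL", value: raw });
      continue;
    }
    if (!ALLOWED_HOSTS.has(host)) findings.push({ path, reason: "host not allowlisted", value: host });
  }
}

// Walk every key and value; an empty result means nothing was flagged.
function auditDoodle(node, path = "$", findings = []) {
  if (typeof node === "string") inspectString(node, path, findings);
  else if (Array.isArray(node)) node.forEach((v, i) => auditDoodle(v, `${path}[${i}]`, findings));
  else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) {
      inspectString(k, `${path}.${k} (key)`, findings);
      auditDoodle(v, `${path}.${k}`, findings);
    }
  }
  return findings;
}

// Constructed samples, not the real CoinMarketCap payload.
const cleanDoodle = { v: "1", assets: [{ id: "img_0", u: "https://assets.site.example/doodle/", p: "sun.png" }] };
const tamperedDoodle = {
  v: "1",
  assets: [{ id: "img_0", u: "https://assets.site.example/doodle/", p: "sun.png" }],
  layers: [{ nm: "banner", x: '<script src="//cdn.untrusted.example/a.js"></script>' }],
};

console.log(auditDoodle(cleanDoodle), auditDoodle(tamperedDoodle));
```

Run as a publishing gate or a scheduled check against the live file, this complements a Content-Security-Policy `script-src` allowlist, which blocks the load in the browser even if a tampered file slips through.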