Hackers exploited a vulnerability in CoinMarketCap's front end, using an apparently harmless doodle image to inject malicious code that triggered fake wallet-verification pop-ups on the site.
The breach, confirmed by CoinMarketCap, used the site's own backend API to deliver a hand-crafted JSON payload that embedded JavaScript in the home page, according to the blockchain security firm SECURITY COINTS.
On June 20, 2025, our security team identified a vulnerability linked to a doodle image displayed on our home page. This doodle image contained a link that triggered malicious code via an API call, which led to an unexpected pop-up for certain users when visiting our home page.…
– CoinMarketCap (@coinmarketcap) June 21, 2025
The script produced an unauthorized prompt asking users to "verify wallet", a phishing tactic meant to get visitors to connect their crypto wallets and grant access to them.
The security firm traced the attack to the platform's rotating "doodles" feature, which let the attackers embed the malicious code without modifying the site's core infrastructure: the front end trusted the doodle metadata returned by the API and rendered it into the page.
The pop-up was live for a short time before the CoinMarketCap team removed it.
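The injection pattern described above, shown as an added example that is not CoinMarketCap's code and not SECURITY COINTS's analysis: a front end fetches doodle metadata as JSON from its own API and interpolates the image and link fields straight into markup, so whoever controls that JSON controls what the home page executes. The field names (`imageUrl`, `link`), the allowlisted hosts and the sample payloads are assumptions constructed for illustration. The hardened version treats both fields as untrusted, parses them as URLs, accepts only `https:` on an allowlisted host, and fails closed.

```javascript
// Added example, not CoinMarketCap's code. Field names, hosts and payloads are
// assumptions constructed for illustration.

// Constructed sample payloads, not real CoinMarketCap API responses.
const benignDoodle = {
  imageUrl: "https://cdn.example.com/doodle.png",
  link: "https://example.com/event",
};
// A link that runs script when the doodle is clicked.
const jsSchemeDoodle = {
  imageUrl: "https://cdn.example.com/doodle.png",
  link: "javascript:alert(document.cookie)",
};
// A link that breaks out of the attribute and appends a script tag.
const markupBreakDoodle = {
  imageUrl: "https://cdn.example.com/doodle.png",
  link: 'https://example.com/"><script>alert(1)</script><a href="',
};

// Vulnerable pattern: API fields are trusted and interpolated into markup
// (equivalent to assigning the result to innerHTML).
function renderDoodleUnsafe(doodle) {
  return `<a href="${doodle.link}"><img src="${doodle.imageUrl}"></a>`;
}

// Hardened pattern: validate, normalize and fail closed.
const ALLOWED_LINK_HOSTS = new Set(["example.com", "www.example.com"]);
const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example.com"]);

// Returns the normalized URL string, or null if the value is not an https
// URL on an allowlisted host. Rejects javascript:, data:, http: and
// anything that does not parse as an absolute URL.
function safeUrl(value, allowedHosts) {
  let url;
  try {
    url = new URL(String(value));
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  if (!allowedHosts.has(url.hostname)) return null;
  // Serialized form: the URL parser percent-encodes ", <, > and spaces in
  // the path, which already neutralizes markup break-outs.
  return url.href;
}

// Defense in depth for the attribute context even after URL validation.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns markup for a vetted doodle, or null: no doodle is rendered rather
// than an unvetted one.
function renderDoodleSafe(doodle) {
  const link = safeUrl(doodle.link, ALLOWED_LINK_HOSTS);
  const img = safeUrl(doodle.imageUrl, ALLOWED_IMAGE_HOSTS);
  if (link === null || img === null) return null;
  return `<a href="${escapeHtml(link)}"><img src="${escapeHtml(img)}"></a>`;
}

// Demonstration of the difference on the three constructed payloads.
if (typeof require !== "undefined" && require.main === module) {
  for (const d of [benignDoodle, jsSchemeDoodle, markupBreakDoodle]) {
    console.log("unsafe:", renderDoodleUnsafe(d));
    console.log("safe:  ", renderDoodleSafe(d));
  }
}
```

The string output exists only so the example runs headless in Node; in a browser, build the element with `document.createElement` and `setAttribute` after the same validation rather than going through `innerHTML`. A Content-Security-Policy without `unsafe-inline` is the complementary control, and the broader lesson of the incident is that data from a first-party API is still untrusted input to the page that renders it.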
"Upon discovery, we immediately took action to remove the problematic content," CoinMarketCap said in a statement posted on social media. "Comprehensive measures have been implemented to isolate and mitigate the issue."
CoinMarketCap has not disclosed how many users saw the pop-up or whether any wallets were compromised.