Cointelegraph Website Hacked in Crypto Airdrop Scam

Cointelegraph has confirmed a major front-end exploit on its website that promoted a fake token airdrop, tricking users into connecting their crypto wallets and exposing them to theft. The fraudulent pop-up falsely claimed users had been selected for a “fair launch initiative,” promising nearly $5,500 worth of tokens in exchange for wallet access. It even cited a bogus audit by blockchain security firm CertiK to add legitimacy.

The outlet acknowledged the breach in a statement on X, warning users not to interact with the pop-up or provide personal information. Cointelegraph said it is actively working to resolve the issue.

This attack closely resembles a similar exploit on CoinMarketCap earlier in the week. In that case, malicious code injected into the website prompted visitors to connect their wallets for “verification.” Both incidents reflect a growing trend of phishing scams using compromised user interfaces on trusted crypto platforms.

The rise of such attacks underscores increasing threats in the crypto space. According to TRM Labs, phishing schemes and malware-based infrastructure attacks accounted for 70% of the $2.2 billion stolen in crypto hacks in 2024 alone.

Adding to the concern, researchers recently disclosed a massive data dump of over 16 billion stolen login credentials. The leaked trove, likely compiled through infostealer malware and credential stuffing, includes access to Google, Telegram, Facebook, and GitHub accounts.

Cybersecurity firm Cisco Talos also reported that North Korea-linked hacker group “Famous Chollima” is targeting crypto professionals with fake job offers to spread a Python-based remote access trojan, PylangGhost. These scams typically use social platforms like LinkedIn to lure victims and plant malware disguised as Web3 projects.

As attacks grow more sophisticated, crypto users are urged to stay vigilant and avoid connecting wallets through unverified pop-ups or suspicious job offers.