Cointelegraph Website Compromised To Promote ICO Airdrops And CTG Tokens
Cointelegraph, a crypto news platform, has admitted that its website was hacked and has assured readers that it is actively working on a fix.
In a post on X, Cointelegraph wrote:
"We are aware of a fraudulent pop-up falsely claiming to offer CoinTelegraph ICO Airdrops or CTG tokens that are appearing on our site. Do not click on these pop-ups, connect your wallets, or enter any personal information."
A number of users claimed that the website's homepage displayed malicious pop-ups falsely claiming that they were the lucky winner of a lucrative token giveaway, purportedly as part of a "fair launch initiative" by Cointelegraph to reward loyal readers.
The scam displayed a fabricated token price and promised participants nearly $5,500 worth of tokens if they connected their crypto wallets.
To bolster its credibility, the pop-up also falsely referenced a security audit from blockchain firm CertiK.
At the time of publishing, visitors with the MetaMask wallet installed were shown a warning before reaching the homepage of Cointelegraph's official domain.
The warning states that opening the website could put users' secret recovery phrases or passwords at risk, or that the site might urge them to sign malicious transactions that result in stolen assets.
Same Pattern, Same Hackers
This incident mirrors a nearly identical attack on CoinMarketCap just two days prior, where visitors were prompted to connect their wallets for verification purposes.
In both cases, attackers injected malicious code into the platforms’ front ends—likely through compromised ad infrastructure—enabling them to hijack trusted websites and bypass user skepticism. Once users connected their wallets, attackers could drain funds almost instantly.
Security experts warn that these tactics represent a growing wave of phishing attacks targeting crypto platforms via compromised user interfaces. According to blockchain intelligence firm TRM Labs, phishing schemes and malware-based infrastructure attacks accounted for 70% of the $2.2 billion stolen in crypto-related hacks during 2024.
The Cointelegraph exploit comes amid heightened concerns over cybersecurity in the crypto sector. Just days earlier, security researchers disclosed a massive data dump containing over 16 billion stolen login credentials, including access to accounts on major platforms such as Google, Telegram, Facebook, and GitHub.
This trove was likely compiled from a mix of infostealer malware, credential stuffing, and previous leaks.
Meanwhile, North Korean hackers have been targeting crypto professionals with elaborate fake job interviews, deploying malware such as the new Python-based remote access trojan “PylangGhost.”
These campaigns highlight the increasingly sophisticated and diverse methods being used to exploit both individuals and organizations in the digital asset space.
In light of these threats, users are urged to remain vigilant, avoid interacting with unsolicited pop-ups or wallet connection prompts, and regularly monitor their wallet activity.
Cointelegraph and CoinMarketCap have both taken steps to remove the malicious code and restore security, but the incidents underscore the urgent need for enhanced protections across the Web3 ecosystem.