Hackers exploited a vulnerability in CoinMarketCap’s front-end system, using a seemingly harmless doodle image to inject malicious code that triggered fake wallet pop-ups across the entire site.
The breach, confirmed by CoinMarketCap, used its backend API to deliver a manipulated JSON payload that embedded JavaScript in the website, according to blockchain security firm Coinspect Security.
On June 20, 2025, our security team identified a vulnerability related to a doodle image that was displayed on our website. This Doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visiting our website …
– CoinMarketCap (@CoinMarketCap) June 21, 2025
The script displayed an unauthorized prompt instructing users to “verify wallet”, a phishing tactic aimed at tricking visitors into handing over access to their crypto holdings.
The blockchain security firm traced the attack to the platform’s rotating “doodles” feature, which enabled attackers to inject the malicious code without changing the site’s core infrastructure.
The pop-up was live for a short period of time before being removed by CoinMarketCap’s team.
“After the discovery, we immediately acted to remove the problematic content,” CoinMarketCap said in a statement posted to social media. “Comprehensive measures have been implemented to isolate and mitigate the problem.”
CoinMarketCap has not revealed how many users encountered the pop-up or whether any wallets were compromised.



