Popular cryptocurrency price tracker CoinMarketCap suffered a website supply chain attack that exposed site visitors to a malicious wallet drainer campaign, resulting in over $43,000 stolen from unsuspecting users.
The attack began on Friday evening, January 20, when users noticed suspicious Web3 wallet connection popups while visiting the site. When victims connected their wallets, a hidden script silently drained their cryptocurrency. According to CoinMarketCap, the breach was traced to a vulnerability involving a “doodle” image on its homepage, which was exploited to inject malicious JavaScript via a tampered API call.
“This doodle image contained a link that triggered malicious code through an API call,” CoinMarketCap confirmed in a statement. “Upon discovery, we acted immediately to remove the problematic content and implemented comprehensive mitigation steps.”
Cybersecurity firm c/side revealed that the attackers inserted a wallet drainer script using a malicious payload served from an external domain: static.cdnkit[.]io. The fake pop-up used CoinMarketCap branding and mimicked a legitimate request to connect to a Web3 wallet.
A hacker using the alias Rey shared details of the attack on Telegram, including a screenshot of the drainer panel, which confirmed $43,266 was stolen from 110 victims. The attackers appeared to be French-speaking, as indicated by the language in the panel.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
