Crypto News Site Cointelegraph Hacked in Fraudulent Token Scam

Cointelegraph users were hit with a deceptive front-end exploit over the weekend that used a fake token giveaway to target wallets, leveraging the site’s own branding to add credibility.

The malicious pop-up claimed visitors had been selected to receive 50,000 “CTG” tokens, supposedly worth nearly US$5,500 (AU$8,506) as part of a fabricated “fair launch” campaign, encouraging users to connect their wallets and using fake audit references and doctored price data to reinforce the illusion. 

The entire setup mimicked a legitimate airdrop, even down to the layout and visual identity and everything.

Related: Forgotten Playland Brings NFTs and Blockchain to Social Gaming on Beam Network

How it Unfolded

The exploit didn’t come from Cointelegraph’s main systems, according to security researchers. The attackers gained access through a third-party advertising integration, slipping in rogue JavaScript code via the site’s ad infrastructure. 

Cointelegraph acknowledged the attack Sunday night, issuing a warning to avoid wallet connections or any interaction with pop-ups.

The attack is similar to the incident that hit CoinMarketCap just days earlier, where attackers used similar techniques to stage a fake giveaway through injected front-end scripts. The parallel timing suggests a coordinated shift in phishing tactics, which is now more toward compromised ad networks on real sites.

These attacks exploit user trust in recognised platforms (even I believed it), therefore blending real branding with social engineering and compromised ad channels. 

Even high-traffic crypto websites are proving vulnerable at the supply chain edge. Recall that a few days ago, a massive security data breach leaked over 16 billion login credentials for Facebook, Google, Telegram, and more, as per a report by Cybernews.

Related: Bull Market Nears Exhaustion? On-Chain Data Shows Big Players Dominate as Retail Activity Fades