Cointelegraph Joins The Victim List—Who’s Behind The Crypto Hacks?

Visitors to Cointelegraph were caught off guard on Sunday when a slick pop-up claimed they’d won 50,000 “CTG” tokens worth over $5,000.

The message looked real, complete with Cointelegraph branding and familiar airdrop elements. Many users were prompted to connect their crypto wallets before the scam was revealed.

By the time the fake offer disappeared, unsuspecting visitors had already clicked through, risking their funds.

🚨 ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site.

DO NOT:
– Click on these pop-ups
– Connect your wallets
– Enter any personal information

We are actively working on a fix.

— Cointelegraph (@Cointelegraph) June 23, 2025

Fake Airdrop Interface

According to Scam Sniffer, the bogus pop-up included a countdown timer and buttons that felt just like a standard token drop. It even showed a reward worth $5,490 and labeled the process “secure,” “instant,” and “verified.”

Based on reports, none of those descriptions were true. There is no CTG token on CoinGecko, CoinMarketCap, or any major blockchain explorer. That should have been a red flag.

🚨 CoinTelegraph’s frontend has been compromised. Please be cautious. pic.twitter.com/sH025Zek8p

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025

Attack Via Ad System

Security experts traced the malicious JavaScript back to Cointelegraph’s ad partner rather than its core website code.

Cointelegraph later confirmed that the breach came through its advertising system and not a flaw in its main infrastructure.

A similar hack hit CoinMarketCap over the same weekend, showing that attackers are now focusing on trusted ad networks to slip in harmful scripts.

BTC is currently trading at $101,228. Chart: TradingView

Wallet Draining Threat

Once a user clicked “connect,” the hidden code could trigger wallet approvals and transfers without clear consent.

Effectively, hackers have blanket permission to transfer money out of a wallet in seconds. This approach is riskier than standard phishing emails because they sneak up on individuals unexpectedly on sites they trust.

Calls For Improved Defenses

As these ad-based attacks become increasingly prevalent, crypto platforms come under pressure to lock down all third-party integrations.

Experts recommend more rigorous audits of ad code, sandboxing of third-party scripts, and real-time monitoring of site activity. On the end-user side, installing ad blockers or script-blocking add-ons would preclude these stealth threats.

Based on what transpired this weekend, it’s apparent that attackers have changed their modus operandi from email cons to front-end hacks on prominent sites. Cointelegraph and CoinMarketCap are only the latest victims.

Featured image from Unsplash, chart from TradingView