Phishing Wave Hits Major Crypto Info Sites — Don’t Connect Your Wallet!
Date: 2025-06-23
A New Phishing Wave: What You Need to Know
Binance founder Changpeng Zhao (CZ) has issued a warning about a fresh phishing campaign that is compromising popular crypto information websites. The attackers inject malicious code into trusted sites, displaying pop-ups that urge users to "connect their wallet" to claim fake tokens or participate in fake airdrops.
How the Attacks Work
Cointelegraph Compromise
A fake pop-up appeared on the site promising “Cointelegraph ICO Airdrops” and $5,500 worth of CTG tokens.
It referenced a fake "fair launch" and even cited a bogus CertiK audit.
The goal? Trick users into connecting their wallets, granting attackers access.
CoinMarketCap Breach
Similar pop-ups urged users to "verify their wallet" via MetaMask or Phantom.
MetaMask issued a warning about the phishing attempt.
CMC quickly removed the malicious code and improved its security.
Fake Google Ads
Attackers also used Google Ads to display fake Aave links, leading to phishing sites.
Users who connected wallets lost funds instantly.
These sites were designed to mimic real DeFi platforms with alarming accuracy.
Key Risks
Even trusted sites can be exploited through front-end attacks.
Fake airdrops, token offers, and wallet verification prompts are common bait.
Attackers use names like CertiK or “verified project” to build false credibility.
Once your wallet is connected to a malicious site, your funds can be drained.
How to Stay Safe
Never connect your wallet through unexpected pop-ups.
Verify the URL and domain before interacting with a site.
Avoid connecting wallets through ads — always go directly to the official site.
Use browser extensions like MetaMask and Phantom to block known phishing links.
Watch for alerts from trusted wallets or platforms warning about current scams.
Final Thoughts
This wave of phishing attacks shows how vulnerable even the biggest names in crypto media can be. Don’t let urgency or fake offers cloud your judgment. Always double-check the source, use cold wallets for storing large sums, and treat any wallet connection request as potentially dangerous.
One click can drain your wallet. Stay informed. Stay safe.
