Crypto publishing giant Cointelegraph has been hit by a major security attack, with hackers compromising its site by adding malicious code that showed users a fake airdrop pop-up and ultimately drained unsuspecting users' wallets. The June 23, 2025, attack shows how much more sophisticated wallet-draining scams are becoming and the need for tighter security protocols in the Web3 publishing sector.

How the Attack Evaded Defenses

The exploit started when hackers broke into Cointelegraph's advertisement system, injecting malicious JavaScript code into the front-end of the website. In contrast to traditional phishing emails or social media DMs, this attack leveraged a trusted news portal, showing a compelling pop-up directly on Cointelegraph.com.

The pop-up informed users that they had been "randomly selected" to participate in a new token giveaway, awarding 50,000 "CTG" tokens (worth over $5,000) as part of a "fair launch initiative." The interface mimicked real airdrop campaigns, with Cointelegraph branding, a countdown timer, and requests to connect a crypto wallet. To appear even more legitimate, the scam cited a nonexistent CertiK audit and fabricated token price metrics.

The malicious code was delivered through Cointelegraph's ad partner, so it was essentially impossible for visitors to distinguish the scam from a genuine promotion. Once a visitor had connected their wallet, the script could automatically trigger approvals and transfers, allowing hackers to rapidly and quietly drain funds.

Confirmed On-Chain Losses and the Size of the Attack

Blockchain security firms like Scam Sniffer and SlowMist quickly flagged the attack, made public announcements, and examined the injected code. While the full scope of the damages remains to be tallied, on-chain inspection confirms that several wallets were drained within minutes of the attack going live. There isn't any CTG token on any major blockchain or exchange, and no sign of an official Cointelegraph airdrop.
The attack duplicated a near-identical assault on CoinMarketCap mere days prior, where malicious JavaScript was injected via a front-end promotional box. In both cases, attackers targeted the ad delivery infrastructure of the platforms, bypassing critical infrastructure security and preying on users' trust in leading crypto news websites.

Why Web3 Publishers Are Now Prime Targets

This attack speaks to a new generation of threats: attackers are no longer limited to phishing on social media or email, and are now hijacking the very sources users turn to for crypto news and information. Ad-based attacks are especially dangerous because they are seamlessly baked into the user experience, exposing even seasoned readers to the risk.

Cointelegraph has since removed the malicious code, posted a warning on X, and committed to strengthening its security controls. But the attack should be a wake-up call to all Web3 publishers: third-party ad systems and analytics scripts are valuable targets, and even the most trusted sites can be attacked.

Security Measures Required for Web3 Publishers

In order to prevent such attacks, crypto publishers must:

- Test all third-party ad and analytics code for vulnerabilities.
- Implement real-time tracking and alerts for unauthorized script changes.
- Use rigorous content security policies (CSP) to block untrusted scripts.
- Run frequent penetration tests simulating ad-based and front-end attacks.
- Educate users never to connect wallets or enter keys in pop-ups, even on trusted sites.

How Users Can Protect Themselves

For users, caution is key. Never connect your wallet or enter seed phrases in response to pop-ups, even on trusted websites. Always verify the legitimacy of airdrops via official project sources and cross-check token contract addresses. Use browser extensions like Scam Sniffer and MetaMask's phishing warning to flag malicious sites and scripts.

Bottom Line

The Cointelegraph hack serves as a stark reminder that even the safest crypto platforms can become attack vectors.
As wallet-draining scams grow more advanced, publishers and users must implement new security habits—or become the next victim in an evolving Web3 threat landscape.
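
The script-change tracking and CSP allowlisting listed under the publisher measures can be run as a check over a rendered page snapshot. The following is an added example, not code from Cointelegraph or its ad partner; the function names, hostnames and markup are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):  # gathers external script tags and inline script bodies
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_inline = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._in_inline = "src" not in a
            if self._in_inline:
                self.inline.append("")
            else:
                self.external.append((a["src"], a.get("integrity")))
    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def csp_hash(body):  # same value format as a CSP script-src 'sha256-...' source
    return "sha256-" + base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()

def audit_page(html, page_host, allowed_hosts, allowed_inline):
    """Return findings for every script that falls outside the reviewed baseline."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    findings = []
    for src, integrity in c.external:
        host = urlparse(src).hostname or page_host  # relative URL means same origin
        if host not in allowed_hosts:
            findings.append(("unexpected-host", src))
        elif host != page_host and not integrity:
            findings.append(("missing-sri", src))  # third-party script without an SRI pin
    findings += [("unknown-inline", csp_hash(b)) for b in c.inline
                 if csp_hash(b) not in allowed_inline]
    return findings

# Constructed sample data: hosts, hashes and markup are placeholders, not from the incident.
REVIEWED_INLINE = "window.siteConfig = {theme: 'dark'};"
BASELINE = ('<script src="/static/app.js"></script><script src="https://ads.partner.example/tag.js"'
            f' integrity="sha384-PLACEHOLDER"></script><script>{REVIEWED_INLINE}</script>')
TAMPERED = BASELINE + '<script src="https://cdn.unreviewed.example/popup.js"></script><script>openPrompt();</script>'
ALLOWED_HOSTS = {"news.example", "ads.partner.example"}
ALLOWED_INLINE = {csp_hash(REVIEWED_INLINE)}
```

Running `audit_page` on a schedule against the live page, and alerting on any non-empty result, gives the change tracking; the same host and hash allowlists can be emitted as the site's `script-src` policy.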