CoinMarketCap, a top platform for tracking cryptocurrency prices, has officially announced that it has eliminated a harmful wallet verification pop-up from its website, which had raised concerns of a potential phishing attempt among crypto users.
In a message posted on its verified X account (previously Twitter), CoinMarketCap confirmed, “We’ve detected and deleted the malicious code from our platform.” This notice followed user complaints about a suspicious “Verify Wallet” prompt that closely resembled authentic wallet connection requests.
The pop-up urging users to link their crypto wallets and authorize token access was quickly identified as a phishing attack. Observers pointed out that its design closely mirrored legitimate wallet prompts from platforms like MetaMask and Phantom, yet its true intent was to extract private keys or secure illicit token approvals.
User @auri shared, “It requests wallet connection followed by ERC-20 token approvals,” which aligns with common phishing tactics seen in the crypto industry.
Both MetaMask and Phantom, widely used wallet extensions, responded swiftly to the threat. According to Cointelegraph-verified reports, Phantom issued a red warning labeling the CoinMarketCap site as “unsafe to use.”
The platform addressed the situation within a few hours, confirming awareness of the incident and reassuring users that measures were underway to investigate and mitigate future risks.
In an official update, CoinMarketCap stated, “Our team is actively reviewing the matter and implementing enhanced security protocols.”
The recent event comes after a previous breach in October 2021, when CoinMarketCap was compromised and more than 3.1 million user email addresses were leaked and later discovered on hacker forums. This breach was reported by Have I Been Pwned, a reputable service that monitors credential leaks and data breaches.
While the current phishing threat was quickly contained, the repeated security issues have reignited concerns over user privacy and the platform’s overall reliability.
At present, CoinMarketCap urges users to refrain from linking their wallets via questionable pop-ups and to confirm all wallet activities through reliable sources. The platform also cautions users against interacting with unsolicited links or granting token approvals to unfamiliar requests, particularly during high market activity or viral events.
This incident highlights the persistent cybersecurity risks within the crypto space. As phishing attacks increasingly target major platforms, staying informed, practicing secure wallet management, and heeding browser extension alerts are essential protective measures.
