CoinMarketCap has confirmed that it successfully removed a piece of malicious code that caused a fake wallet verification prompt to appear on its platform. The deceptive prompt, which appeared briefly on Friday, urged users to “verify wallet”—a common phishing tactic targeting crypto holders.
In a post on X (formerly Twitter), CoinMarketCap stated: “We’ve identified and removed the malicious code from our site,” while adding that its security teams are actively investigating the source of the breach. The company has not disclosed how the unauthorized code was introduced or whether any user data was compromised.
The update followed a flood of social media reports flagging the pop-up as suspicious. Within hours, CoinMarketCap publicly acknowledged the incident and urged users not to connect their wallets under any circumstances.
Security analysts say phishing scams like this exploit user trust in established platforms by using deceptive overlays or injected scripts to steal sensitive data such as private keys or wallet access.
As one of the most widely used crypto price-tracking sites globally, CoinMarketCap is now under pressure to provide a transparent follow-up, clarifying the breach and outlining plans to prevent future security lapses.
Wallet Providers Respond Swiftly to Phishing Threat
Leading wallet providers, including MetaMask and Phantom, moved quickly to block the malicious activity during the CoinMarketCap breach, helping protect users during the critical window of exposure.
Crypto user Jet was among the first to note that both wallets automatically flagged the suspicious pop-up as a security threat. Phantom even displayed a browser-level warning deeming the CoinMarketCap site “unsafe to use,” according to Cointelegraph.
The swift reaction from wallet providers highlights the growing importance of third-party extensions and integrations in frontline crypto security. Real-time detection and blocking mechanisms are now essential for user protection as phishing tactics become more sophisticated.
Security Concerns Resurface After Past Breach
This latest incident has revived concerns over CoinMarketCap’s security posture, coming nearly four years after its 2021 data breach that exposed over 3.1 million email addresses. Those leaked emails were later found circulating on dark web forums and indexed on “Have I Been Pwned.”
While CoinMarketCap has stated that no sensitive data was compromised in the recent attack, the memory of past failures has only intensified pressure on the platform to deliver long-term security reforms.
With phishing threats escalating across the crypto space, users and analysts alike are demanding better safeguards from industry leaders like CoinMarketCap.
Quick Facts
- CoinMarketCap removed malicious code prompting fake wallet pop-ups.
- Wallet providers MetaMask and Phantom flagged the threat immediately.
- No user data was confirmed stolen, but investigations are ongoing.
- CoinMarketCap faced a major data breach in 2021 affecting 3.1M users.
