Fake Wallet Popup Targets Crypto Users
CoinMarketCap, a trusted crypto data platform, was recently targeted in a supply chain attack. The breach led to users being shown fake Web3 wallet popups. Those who connected wallets through the popup had their cryptocurrency stolen.
The attackers used a vulnerability linked to a “doodle” image on the site’s homepage. This image included a malicious API call that triggered the fake wallet request. CoinMarketCap confirmed the script was active for a short time on June 20, 2025. Their security team responded quickly, removing the threat and restoring secure operations.

Malicious Script Stole Over $43K
Cybersecurity firm c/side revealed that the breach injected code from an external domain, static.cdnkit[.]io. This code presented users with a popup that imitated a real Web3 connection. The attackers stole assets from 110 wallets, totaling $43,266.
Unlike server breaches, this was a supply chain attack. That means the exploit came through a third-party tool or service, not CoinMarketCap’s servers. This kind of threat is difficult to spot since it uses trusted site elements to deploy malicious code.
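As an added illustration (not code from CoinMarketCap or c/side), the JavaScript below classifies script URLs observed on a page against a host allowlist and the defanged indicator quoted above, so an unexpected third-party origin stands out. The page URL, allowlisted host, sample URLs and function names are constructed assumptions.

```javascript
// Added example: classify script URLs seen on a page. All sample data is constructed.
const IOCS = ["static.cdnkit[.]io"]; // indicator as quoted in this article (defanged)
const PAGE = "https://site.example/"; // assumed first-party page
const ALLOWED = ["cdn.vendor.example"]; // assumed approved third-party host

// Turn a defanged indicator back into a comparable lowercase hostname.
function refang(ioc) {
  return ioc.replace(/\[\.\]/g, ".").toLowerCase();
}

// True when host equals the entry or is a subdomain of it.
function hostMatches(host, entry) {
  return host === entry || host.endsWith("." + entry);
}

// Classify each observed script URL: known-bad, first-party, allowed or unexpected.
function auditScriptUrls(urls, pageUrl, allowedHosts, iocs = IOCS) {
  const bad = iocs.map(refang);
  const firstParty = new URL(pageUrl).hostname;
  return urls.map((raw) => {
    let u;
    try {
      u = new URL(raw, pageUrl); // resolves relative and protocol-relative URLs
    } catch {
      return { url: raw, verdict: "unparseable" };
    }
    if (!/^https?:$/.test(u.protocol)) return { url: raw, verdict: "non-http" };
    const host = u.hostname.toLowerCase();
    let verdict = "unexpected"; // third-party host nobody approved: review it
    if (bad.some((b) => hostMatches(host, b))) verdict = "known-bad";
    else if (host === firstParty) verdict = "first-party";
    else if (allowedHosts.some((a) => hostMatches(host, a))) verdict = "allowed";
    return { url: raw, host, verdict };
  });
}

// Constructed sample: URLs a page inventory or browser resource log might contain.
const SAMPLE_URLS = [
  "/static/app.js",
  "https://cdn.vendor.example/lib.js",
  "https://" + refang(IOCS[0]) + "/loader.js", // path is made up
  "https://widgets.other.example/w.js",
  "data:text/javascript,0",
];

console.log(auditScriptUrls(SAMPLE_URLS, PAGE, ALLOWED));
```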

Wallet Drainers Pose Growing Threat
Wallet drainer tools are now a serious problem in the crypto space. They often appear in online ads, browser extensions, and spoofed websites. These scripts are engineered to mimic real wallet interfaces, convincing users to grant access to their assets.
In 2024, nearly $500 million was stolen using such tools. Over 300,000 wallets were affected. In response, Mozilla has begun screening browser extensions for signs of wallet drainers.
The CoinMarketCap incident highlights the rising risk of supply chain attacks in Web3 platforms. Vigilance and stronger third-party controls are now essential for any site handling digital assets.

