Users visiting the Cointelegraph website on Sunday were confronted with a deceptive pop-up claiming they had won token rewards. The pop-up message appeared to be part of a legitimate Cointelegraph promotion and told visitors they had been randomly selected to receive 50,000 “CTG” tokens, valued at over $5,000. The offer seemed polished and convincing, featuring the company’s branding and interface elements that mimicked real airdrop campaigns. It included a countdown timer and prompts to connect crypto wallets, standard elements in genuine token distribution efforts. However, the entire experience was fabricated by attackers. A similar front-end attack appeared on CoinMarketCap over the weekend. Security Firm Flags CoinTelegraph Frontend Hack Originating From Ad System Scam Sniffer, a blockchain security firm, flagged the breach and posted a public alert, warning that Cointelegraph’s frontend had been compromised. “Please be cautious,” the firm tweeted, alongside screenshots of the injected code and the fake airdrop interface. The scam was likely designed to trick users into granting wallet permissions, ultimately allowing hackers to drain all funds. Cointelegraph later confirmed the breach and issued a warning . The company urged users not to interact with the fraudulent pop-up and emphasized that it has never issued a “CTG” token or launched an initial coin offering. It also assured readers that a fix was underway. 🚨 ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site. DO NOT: – Click on these pop-ups – Connect your wallets – Enter any personal information We are actively working on a fix. — Cointelegraph (@Cointelegraph) June 23, 2025 According to Scam Sniffer, the malicious JavaScript code came from the site’s advertising system rather than its core infrastructure. Hackers Shift From Emails to Embedded Ads as Scam Tactics Evolve The file, served via Cointelegraph’s ad partner, contained wallet-draining scripts disguised as standard ad delivery code. This technique has become more common in recent months as attackers seek to exploit vulnerabilities in trusted platforms’ third-party systems. 🚨 CoinTelegraph's frontend has been compromised. Please be cautious. pic.twitter.com/sH025Zek8p — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025 The scam interface showed a fake reward worth $5,490 and labeled the transaction process as “secure,” “instant,” and “verified.” Once users clicked to connect their wallet, the script triggered a function that could initiate approvals and transfers without the user’s informed consent. These types of attacks are particularly dangerous because they appear on well-known, trusted websites. Many users assume such platforms have adequate security measures and may let their guard down. This makes ad-based exploits far more effective than phishing links sent through email or social media. Fake CTG Token Never Existed on Major Exchanges or Blockchains The CTG token mentioned in the scam does not exist on CoinMarketCap, CoinGecko, or any legitimate exchange. Neither is there a record of it on Ethereum or other major blockchains. These red flags may be obvious to veteran users, but newer entrants to the space are often unaware of what to look for in a legitimate token offering. Similar breaches have been reported across the crypto space. CoinMarketCap too experienced a comparable incident this month, where attackers embedded a wallet-draining link into a front-facing promo box on the site. In that case too, the compromise stemmed from third-party code, not the core platform. As more crypto companies depend on external ad services, their surfaces for attack increase dramatically. Even if a platform is secure at the application level, malicious scripts delivered through external partners can easily bypass protections. The growing trend has prompted calls for stricter auditing of third-party integrations and more robust sandboxing of external content.Users visiting the Cointelegraph website on Sunday were confronted with a deceptive pop-up claiming they had won token rewards. The pop-up message appeared to be part of a legitimate Cointelegraph promotion and told visitors they had been randomly selected to receive 50,000 “CTG” tokens, valued at over $5,000. The offer seemed polished and convincing, featuring the company’s branding and interface elements that mimicked real airdrop campaigns. It included a countdown timer and prompts to connect crypto wallets, standard elements in genuine token distribution efforts. However, the entire experience was fabricated by attackers. A similar front-end attack appeared on CoinMarketCap over the weekend. Security Firm Flags CoinTelegraph Frontend Hack Originating From Ad System Scam Sniffer, a blockchain security firm, flagged the breach and posted a public alert, warning that Cointelegraph’s frontend had been compromised. “Please be cautious,” the firm tweeted, alongside screenshots of the injected code and the fake airdrop interface. The scam was likely designed to trick users into granting wallet permissions, ultimately allowing hackers to drain all funds. Cointelegraph later confirmed the breach and issued a warning . The company urged users not to interact with the fraudulent pop-up and emphasized that it has never issued a “CTG” token or launched an initial coin offering. It also assured readers that a fix was underway. 🚨 ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site. DO NOT: – Click on these pop-ups – Connect your wallets – Enter any personal information We are actively working on a fix. — Cointelegraph (@Cointelegraph) June 23, 2025 According to Scam Sniffer, the malicious JavaScript code came from the site’s advertising system rather than its core infrastructure. Hackers Shift From Emails to Embedded Ads as Scam Tactics Evolve The file, served via Cointelegraph’s ad partner, contained wallet-draining scripts disguised as standard ad delivery code. This technique has become more common in recent months as attackers seek to exploit vulnerabilities in trusted platforms’ third-party systems. 🚨 CoinTelegraph's frontend has been compromised. Please be cautious. pic.twitter.com/sH025Zek8p — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025 The scam interface showed a fake reward worth $5,490 and labeled the transaction process as “secure,” “instant,” and “verified.” Once users clicked to connect their wallet, the script triggered a function that could initiate approvals and transfers without the user’s informed consent. These types of attacks are particularly dangerous because they appear on well-known, trusted websites. Many users assume such platforms have adequate security measures and may let their guard down. This makes ad-based exploits far more effective than phishing links sent through email or social media. Fake CTG Token Never Existed on Major Exchanges or Blockchains The CTG token mentioned in the scam does not exist on CoinMarketCap, CoinGecko, or any legitimate exchange. Neither is there a record of it on Ethereum or other major blockchains. These red flags may be obvious to veteran users, but newer entrants to the space are often unaware of what to look for in a legitimate token offering. Similar breaches have been reported across the crypto space. CoinMarketCap too experienced a comparable incident this month, where attackers embedded a wallet-draining link into a front-facing promo box on the site. In that case too, the compromise stemmed from third-party code, not the core platform. As more crypto companies depend on external ad services, their surfaces for attack increase dramatically. Even if a platform is secure at the application level, malicious scripts delivered through external partners can easily bypass protections. The growing trend has prompted calls for stricter auditing of third-party integrations and more robust sandboxing of external content.