Cointelegraph, a major player in cryptocurrency news, has become a victim of a serious cyber attack that revealed vulnerabilities in web information security.
How the Attack Happened
The attack began when hackers breached Cointelegraph's advertisement system, injecting malicious JavaScript code into the front-end of the website. Unlike traditional phishing attempts, this leveraged a trusted news portal, displaying a credible pop-up directly on Cointelegraph.com.
The pop-up informed users that they had been “randomly selected” to participate in a new token giveaway, offering 50,000 “CTG” tokens as part of a “fair launch initiative.” The interface mimicked real airdrop campaigns with Cointelegraph branding, countdown timers, and requests to connect a crypto wallet.
Confirmed Losses and the Scale of the Attack
Blockchain security firms such as Scam Sniffer and SlowMist quickly notified about the attack, made public announcements, and analyzed the injected code. While the full extent of damages is yet to be assessed, blockchain analysis confirmed that several wallets were emptied within minutes of the attack going live.
There is no CTG token on any major blockchain or exchange, and no sign of an official Cointelegraph airdrop.
Security Measures Required for Web3 Publishers
To prevent such attacks, crypto publishers must:
* Test all third-party ad and analytics code for vulnerabilities. * Impose real-time tracking and alerts on unauthorized script changes. * Use rigorous content security policies (CSP) to block untrusted scripts. * Run frequent penetration tests simulating ad-based and front-end attacks. * Educate users never to connect wallets or enter keys in response to pop-ups, regardless of trusted sites.
The Cointelegraph attack serves as a stark reminder that even the safest crypto platforms can become attack vectors. As wallet-draining scams grow more advanced, both publishers and users must implement new security habits.
