Visitors to Cointelegraph were caught off guard on Sunday when a slick pop-up claimed they’d won 50,000 “CTG” tokens worth over $5,000.
The message looked real, complete with Cointelegraph branding and familiar airdrop elements. Many users were prompted to connect their crypto wallets before the scam was revealed.
By the time the fake offer disappeared, unsuspecting visitors had already clicked through, risking their funds.
ALERT: We are aware of a fraudulent pop-up falsely claiming to offer “CoinTelegraph ICO Airdrops” or “CTG tokens” that are appearing on our site.
DO NOT:
– Click on these pop-ups
– Connect your wallets
– Enter any personal informationWe are actively working on a fix.
— Cointelegraph (@Cointelegraph) June 23, 2025
Fake Airdrop Interface
According to Scam Sniffer, the bogus pop-up included a countdown timer and buttons that felt just like a standard token drop. It even showed a reward worth $5,490 and labeled the process “secure,” “instant,” and “verified.”
Based on reports, none of those descriptions were true. There is no CTG token on CoinGecko, CoinMarketCap, or any major blockchain explorer. That should have been a red flag.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025
Attack Via Ad System
Security experts traced the malicious JavaScript back to Cointelegraph’s ad partner rather than its core website code.
Cointelegraph later confirmed that the breach came through its advertising system and not a flaw in its main infrastructure.
A similar hack hit CoinMarketCap over the same weekend, showing that attackers are now focusing on trusted ad networks to slip in harmful scripts.
Wallet Draining Threat
Once a user clicked “connect,” the hidden code could trigger wallet approvals and transfers without clear consent.
Effectively, hackers have blanket permission to transfer money out of a wallet in seconds. This approach is riskier than standard phishing emails because they sneak up on individuals unexpectedly on sites they trust.
Calls For Improved Defenses
As these ad-based attacks become increasingly prevalent, crypto platforms come under pressure to lock down all third-party integrations.
Experts recommend more rigorous audits of ad code, sandboxing of third-party scripts, and real-time monitoring of site activity. On the end-user side, installing ad blockers or script-blocking add-ons would preclude these stealth threats.
Based on what transpired this weekend, it’s apparent that attackers have changed their modus operandi from email cons to front-end hacks on prominent sites. Cointelegraph and CoinMarketCap are only the latest victims.
Featured image from Unsplash, chart from TradingView
