The incident, which occurred on June 22, involved scammers promoting a fake Cointelegraph token (CTG) and a counterfeit initial coin offering (ICO) campaign.
Scam Sniffer traced the exploit to a JavaScript payload embedded via the site’s advertising infrastructure. The code appeared to come from a domain resembling AdButler, though it had been recently registered and linked to a malicious script hidden within a banner advertisement.
The platform emphasized that it is actively investigating and working to remove the malicious code. Users were advised not to enter personal details or connect wallets to any prompts on the site.
On June 20, the crypto data provider briefly experienced a front-end breach that resulted in a fake wallet prompt appearing on its homepage.
“Our security team identified a vulnerability related to a doodle image displayed on our homepage. This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited our homepage.”
While the message on each site differed, both cases followed a near-identical delivery mechanism: a deceptive pop-up disguised as a platform feature. This may indicate a coordinated campaign targeting high-traffic crypto websites using ad-based JavaScript exploits.
He added that the twin breaches highlight a growing trend of attackers exploiting trusted platforms to execute wallet-draining schemes.
He stated:
“Hackers are targeting information web sites now.”
As a result, he urged crypto users to remain cautious, avoid interacting with unknown dApps, and regularly monitor wallet activity to stay safe.
