Changpeng Zhao just issued a warning, urging users to be careful when authorizing wallet connections as a wave of phishing attempts hits crypto info sites.
In his recent post on X, CZ issued a warning about a new wave of scams targeting major crypto information websites, urging users to be careful when authorizing wallet connections.
The announcement follows two recent hacks, the most recent targeting the crypto media outlet Cointelegraph, and the one before that involving the popular crypto price-tracking website CoinMarketCap.
2 days ago CMC, now CT. Hackers are targeting information web sites now. Be careful when authorizing wallet connect.
For CMC, based on initial on-chain analysis, there are 39 victims with a combined loss of $18,570. @CoinMarketCap will cover all losses. https://t.co/egkekyjAYQ
— CZ đ¶ BNB (@cz_binance) June 23, 2025
On Sunday, Cointelegraphâs website was compromised by a front-end exploit, injecting a malicious pop-up that falsely claimed to offer âCoinTelegraph ICO Airdropsâ and âCTG tokens.â The pop-up urged users to connect their crypto wallets to receive nearly $5,500 worth of tokens. To add credibility, the attackers even cited a âfair launchâ event and a fraudulent CertiK audit.
đš ALERT: We are aware of a fraudulent pop-up falsely claiming to offer âCoinTelegraph ICO Airdropsâ or âCTG tokensâ that are appearing on our site.
DO NOT:
â Click on these pop-ups
â Connect your wallets
â Enter any personal informationWe are actively working on a fix.
â Cointelegraph (@Cointelegraph) June 23, 2025
Cointelegraph immediately responded, warning its readers on X to avoid interacting with the fraudulent pop-up. âDo not click on these pop-ups, connect your wallets, or enter any personal information,â CT wrote, adding that the team was working on a fix to resolve the issue.
The Cointelegraph incident came shortly after a similar attack on CoinMarketCap, which occurred two days earlier. In CoinMarketCapâs case, hackers similarly attempted to trick users into connecting their wallets via a malicious pop-up prompting them to âverifyâ them. Wallet providers MetaMask and Phantom reportedly flagged the site as unsafe at the time, according to users on X. CMC responded quickly, removing the injected malicious code and launching an ongoing investigation to strengthen its platformâs security.
In another recent scam just a few days ago, hackers similarly tried to exploit usersâ trust in established crypto platforms by using fake Aave (AAVE) ads that appeared at the top of Google search results and directed users to phishing a sites mimicking the DeFi platform and draining connected wallets.
