CoinMarketCap Hack Deploys Wallet Drainer; Lazarus Group Steals $11M from BitoPro

Published: 2025-06-21 06:04:59 |

On June 20–21, CoinMarketCap’s front end was compromised when attackers injected malicious JavaScript into its rotating “Doodles” (formerly spin graffiti) feature. A manipulated JSON payload triggered a fake “Verify Wallet” pop-up linked to a wallet drainer called “Impersonator,” tricking users into authorizing token transfers. Blockchain analysts traced approvals to a known malicious address, suggesting backend API access and exploitation of the site’s animation engine. CoinMarketCap removed the code within three hours, reinforced its security, and MetaMask flagged the incident as fraudulent. Separately, Taiwanese exchange BitoPro confirmed a hot-wallet breach on May 8 by North Korea’s Lazarus Group, resulting in an $11 million loss. Traders are advised to revoke suspicious approvals and exercise caution when connecting wallets on popular platforms.

Neutral

This security breach highlights vulnerabilities in major crypto platforms but does not directly affect any tradable token’s fundamentals. The swift remediation by CoinMarketCap and the non-token nature of the incident suggest limited impact on market prices. However, trader caution may increase short-term volatility in related on-chain approval activity. Long-term confidence in platform security could improve following reinforced measures.