Major cryptocurrency news outlet Cointelegraph allegedly fell victim to a sophisticated website compromise, with attackers injecting malicious pop-ups claiming to offer $275,000 worth of fake "CTG" token airdrops to unsuspecting visitors.
The attack, discovered on June 23, 2025, represents the latest in a concerning trend of high-profile crypto media sites being weaponized against their own audiences. Just days after CoinMarketCap suffered a similar compromise that drained user wallets through fake pop-ups, Cointelegraph users encountered fraudulent airdrop notifications appearing directly on the legitimate website.
The malicious pop-up claimed users were eligible to receive 50,000 "CTG" tokens, allegedly from a Cointelegraph ICO (Initial Coin Offering) that never existed. The scam presented an attractive value proposition, showing the fake tokens were worth approximately $5,490 - totaling $274,500 for the promised airdrop amount.
The fraudulent interface prompted users to connect their cryptocurrency wallets and provide personal information to claim the non-existent tokens. However, connecting wallets to such malicious interfaces typically results in complete wallet drainage, as attackers gain access to approve transactions that transfer all assets to their control.
Blockchain security firm Scam Sniffer quickly identified the threat, warning that Cointelegraph's frontend had been compromised and flagging the site for potential phishing attacks.
According to Scam Sniffer's analysis, the malicious JavaScript code originated from Cointelegraph's own advertising system, suggesting attackers may have infiltrated the site's ad network infrastructure.
"CoinTelegraph's frontend has been compromised. Please be cautious," Scam Sniffer announced on social media, noting they blocked the threat at approximately 22:41:51 UTC on June 22, 2025.
Technical Analysis Reveals Ad Network Vulnerability
The security breach appears to have exploited Cointelegraph's advertising delivery system, with malicious scripts injected through compromised ad server files. This attack vector has become increasingly common, as it allows cybercriminals to reach large audiences through trusted websites without directly compromising the main site infrastructure.
🚨 The malicious JS code appears to come from Cointelegraph's advertising system.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2025
Related files:
https://adbutlerserve[.]com/assets/inject.js
https://adbutlerserve[.]com/assets/90435885-4428-4fc3-ade0-378d793ea392.js pic.twitter.com/QbH7kaDBLx
The fake CTG token doesn't exist on any legitimate cryptocurrency exchanges like CoinMarketCap or CoinGecko, and Cointelegraph has never announced plans for an ICO or token launch - clear red flags that seasoned crypto users should recognize.
 |
| Cointelegraph's warning |
At the time of writing, Cointelegraph's official Twitter account confirmed that the pop-up was a scam and warned readers not to do three things: don't click on the pop-up, don't connect your crypto wallet, and don't enter any personal information.
The cryptocurrency community continues to face evolving threats as cybercriminals exploit the trust users place in established media outlets and trading platforms.