A sophisticated supply chain attack targeting CoinMarketCap resulted in the theft of over $43,000 in cryptocurrency assets from more than 110 victims on June 20, 2025. The attack exploited a vulnerability in the platform’s animated logo system, demonstrating how cybercriminals are evolving their tactics to target trusted cryptocurrency platforms through third-party components.
Attack Vector: Compromised Doodle Animation System
The attackers employed a sophisticated technique by compromising CoinMarketCap’s animated logo (doodle) system on the platform’s homepage. The threat actors modified the API request responsible for loading the doodle animation, injecting malicious script tags into the JSON response that served the animated content to users.
When users visited the main page, they encountered deceptive pop-up windows designed to mimic legitimate cryptocurrency wallet connection requests. The malicious JavaScript code was loaded from an external domain, static.cdnkit[.]io, which generated fake Web3 transaction dialogs that appeared authentic to unsuspecting users.
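As an added example (not CoinMarketCap's code), a check a front end could run on the doodle API's JSON body before rendering it: it flags active markup and any URL on a host outside an allowlist, and fails closed. The payload shape, field names and host names are constructed assumptions.

```javascript
// Added example: the payload shape, field names and hosts below are constructed.
const ALLOWED_HOSTS = new Set(["assets.example.com"]); // assumed first-party asset host

// Markup that must never appear in animation data, and a loose URL matcher.
const MARKUP = /<\s*\/?\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:/i;
const URL_RE = /(?:https?:)?\/\/[^\s"'<>)]+/gi;

// Walk every string in the parsed JSON and record findings with their JSON path.
function auditPayload(node, path = "$", findings = []) {
  if (typeof node === "string") {
    if (MARKUP.test(node)) findings.push({ path, reason: "active-markup" });
    for (const raw of node.match(URL_RE) || []) {
      let host;
      try {
        host = new URL(raw.startsWith("//") ? "https:" + raw : raw).hostname;
      } catch {
        findings.push({ path, reason: "unparseable-url" });
        continue;
      }
      if (!ALLOWED_HOSTS.has(host)) findings.push({ path, reason: "external-host:" + host });
    }
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => auditPayload(v, `${path}[${i}]`, findings));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) auditPayload(v, `${path}.${k}`, findings);
  }
  return findings;
}

// Fail closed: render only when the body parses and produces no findings.
function isSafeToRender(body) {
  try {
    return auditPayload(JSON.parse(body)).length === 0;
  } catch {
    return false;
  }
}

// Constructed sample bodies: one clean, one with a script tag added to a field.
const cleanBody = JSON.stringify({
  name: "doodle", layers: [{ image: "https://assets.example.com/doodle/frame1.png" }],
});
const tamperedBody = JSON.stringify({
  name: "doodle",
  layers: [{ image: "https://assets.example.com/doodle/frame1.png",
             caption: '<script src="https://cdn.untrusted.example/w.js"></script>' }],
});
console.log(isSafeToRender(cleanBody), auditPayload(JSON.parse(tamperedBody)));
```

A check like this complements, rather than replaces, a Content-Security-Policy that restricts `script-src` to first-party origins.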
CoinMarketCap’s Security Response
CoinMarketCap’s security team responded promptly to contain the incident. In an official statement, the company confirmed: “Our security team identified a vulnerability related to the doodle image on the homepage. Upon discovery, we immediately removed the problematic content and implemented comprehensive measures to isolate the issue.”
The platform’s representatives emphasized that all systems are currently operating normally and user security has been restored. However, the incident highlights the ongoing challenges cryptocurrency platforms face in securing their digital infrastructure against increasingly sophisticated attack methods.
Understanding Supply Chain Attack Methodology
Cybersecurity experts from c/side classified this incident as a supply chain attack, a particularly dangerous form of cyber assault that targets third-party services and components rather than the main infrastructure of the target organization. These attacks are especially challenging to detect because they exploit trusted system elements that typically receive less scrutiny from security monitoring systems.
Supply chain attacks have become increasingly prevalent in the cryptocurrency space, as they allow attackers to bypass traditional security measures by compromising components that users and security systems inherently trust.
Technical Analysis and Threat Intelligence
Security researcher Rey conducted a detailed analysis of the attack, publishing findings on the social media platform X. According to the investigation, the threat group coordinated its activities through a Telegram channel, primarily communicating in French, suggesting an organized cybercriminal operation.
The attack statistics revealed the campaign’s alarming effectiveness: within a relatively short timeframe, attackers successfully compromised 110 cryptocurrency wallets, resulting in total damages of $43,266. These figures demonstrate the sophistication of modern crypto drainer malware and the effectiveness of social engineering techniques targeting cryptocurrency users.
The Growing Threat of Crypto Drainer Malware
The CoinMarketCap incident represents part of a broader trend involving crypto drainer attacks—specialized malware designed specifically for stealing cryptocurrency assets. Unlike traditional phishing schemes, these tools are distributed through multiple vectors including social media platforms, advertising networks, fraudulent websites, and compromised browser extensions.
According to cybersecurity research data, crypto drainer attacks caused nearly $500 million in damages during 2024, affecting over 300,000 cryptocurrency wallets worldwide. This represents a significant escalation in both the scale and sophistication of cryptocurrency-targeted cybercrime.
This incident underscores the critical importance of implementing comprehensive security measures throughout the cryptocurrency ecosystem. Users should exercise extreme caution when interacting with pop-up windows on websites, even on trusted platforms, and implement additional transaction verification methods before connecting wallets to external services. As supply chain attacks become more prevalent, the cryptocurrency community must adopt a multi-layered security approach that includes both technical safeguards and user education to protect against these evolving threats.