Widely used cryptocurrency price tracking site CoinMarketCap had $43,266 worth of cryptocurrency pilfered from 110 victims following a Friday attack that involved the Inferno Drainer crypto-draining tool, according to Hackread.
Threat actors commenced the intrusion by luring CoinMarketCap site visitors to verify their wallets through a pop-up, which allowed subsequent access and exfiltration of wallet funds, an analysis from Flare.io Senior Threat Intelligence Researcher Tammy H showed. Additional findings revealed that while attackers were able to steal various types of cryptocurrency, multiple drain attempts have also not succeeded due to unsupported tokens or a lack of balances within the targeted wallets. Such a compromise, which was attributed to a doodle on the site's homepage with malicious code prompted by an embedded API call, has already been addressed by CoinMarketCap, which already remediated impacted internal systems. "All systems are now fully operational, and CoinMarketCap is safe and secure for all users," said the firm.
Threat actors commenced the intrusion by luring CoinMarketCap site visitors to verify their wallets through a pop-up, which allowed subsequent access and exfiltration of wallet funds, an analysis from Flare.io Senior Threat Intelligence Researcher Tammy H showed. Additional findings revealed that while attackers were able to steal various types of cryptocurrency, multiple drain attempts have also not succeeded due to unsupported tokens or a lack of balances within the targeted wallets. Such a compromise, which was attributed to a doodle on the site's homepage with malicious code prompted by an embedded API call, has already been addressed by CoinMarketCap, which already remediated impacted internal systems. "All systems are now fully operational, and CoinMarketCap is safe and secure for all users," said the firm.
