The company has not disclosed how many users were affected or whether any wallets were compromised as a result of the exploit.

• Hackers exploited a vulnerability in CoinMarketCap's front-end system by using a doodle image to inject malicious code.
• The code triggered fake wallet verification pop-ups across the site, instructing users to "Verify Wallet" in a phishing tactic to gain access to their crypto holdings.
• CoinMarketCap's team removed the pop-up shortly after discovery and has implemented measures to isolate and mitigate the issue.

Hackers exploited a vulnerability in CoinMarketCap’s front-end system, using a seemingly harmless doodle image to inject malicious code that triggered fake wallet verification pop-ups across the site.

The breach, confirmed by CoinMarketCap, used its backend API to deliver a manipulated JSON payload that embedded JavaScript into the homepage according to blockchain security firm Coinspect Security.