It’s an exhilarating time to be involved in cryptocurrency, a field that is still new and full of opportunity. It is also shoulder-deep in risks. Recently, CoinMarketCap, one of the most popular cryptocurrency price and market data platforms, was hacked in a sophisticated man-in-the-middle attack. The attack led to the loss of over $43,000 worth of tokens from the platform’s unwary users. Here’s a look at that hack and, perhaps most importantly, at the steps you can take to protect your crypto wallets from similar attacks in the future.
Understanding the CoinMarketCap Hack
Although the CoinMarketCap hack wasn’t necessarily a direct breach of the company’s core systems, it was still a supply chain attack. That means the hackers did not specifically target CoinMarketCap’s servers. Instead, they hacked a third-party service that CoinMarketCap used, called Intercom.
Attack Vector: A Malicious Script Tag
The attack began with the injection of a malicious script tag into the CoinMarketCap website. The script tag was injected into the site from an external domain called “static.cdnkit.io.” Attackers most plausibly gained access through this external site. This gave them access to CoinMarketCap’s backend, which they could then use to inject their malicious code into CoinMarketCap. The breached third party was only the enabler, providing the attackers with a vector through which they could inject malicious code into a wholly untrusted environment.
The Role of the JSON Payload
The attackers manipulated the JSON payload that CoinMarketCap’s app used to serve content to users, so that it read out terms like “CoinMarketCap has been hacked.” Within this payload, they nested the malicious script tag. This obfuscated script tag was the key to injecting a wallet drainer script into the CoinMarketCap website. This mode of attack is particularly insidious: it is more difficult to detect because it takes advantage of a website’s existing infrastructure to serve up malicious code.
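For site operators, one way to catch a script tag nested in a content payload like the one described above is to scan the parsed JSON rather than its raw text. The following is an added example, not code from CoinMarketCap or from the original article; the allowlist, the site origin, the sample payload and the PLACEHOLDER.js file name are constructed assumptions, and only the static.cdnkit.io domain comes from the article.

```javascript
// Added example (not CoinMarketCap's code): flag <script> tags hidden in string
// fields of a JSON content payload when their src host is not allowlisted.
// ALLOWED_SCRIPT_HOSTS, SITE_ORIGIN and SAMPLE_JSON are constructed assumptions.
const ALLOWED_SCRIPT_HOSTS = ["coinmarketcap.com"];
const SITE_ORIGIN = "https://coinmarketcap.com/";
const SCRIPT_TAG = /<\s*script\b([^>]*)>/gi; // opening tag, attributes captured
const SRC_ATTR = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function hostAllowed(host) {
  return ALLOWED_SCRIPT_HOSTS.some((a) => host === a || host.endsWith("." + a));
}

// Inspect one decoded string value; push a finding per suspicious script tag.
function scanString(text, path, findings) {
  for (const tag of text.matchAll(SCRIPT_TAG)) {
    const src = SRC_ATTR.exec(tag[1]);
    if (!src) {
      findings.push({ path, reason: "inline-script", host: null });
      continue;
    }
    try {
      // Relative and protocol-relative URLs resolve against the site origin.
      const host = new URL(src[1] ?? src[2] ?? src[3], SITE_ORIGIN).hostname;
      if (!hostAllowed(host)) findings.push({ path, reason: "untrusted-host", host });
    } catch {
      findings.push({ path, reason: "unparseable-src", host: null });
    }
  }
}

// Walk the parsed payload recursively so nested fields are covered.
function findInjectedScripts(node, path = "$", findings = []) {
  if (typeof node === "string") scanString(node, path, findings);
  else if (Array.isArray(node))
    node.forEach((v, i) => findInjectedScripts(v, `${path}[${i}]`, findings));
  else if (node !== null && typeof node === "object")
    for (const [k, v] of Object.entries(node))
      findInjectedScripts(v, `${path}.${k}`, findings);
  return findings;
}

// Constructed sample: JSON text with \u003c escapes, which a raw-text grep for
// "<script" would miss; scanning after JSON.parse sees the decoded tag.
const SAMPLE_JSON = String.raw`{"banner":{"html":"<p>Top movers</p>"},"items":[
  {"id":1,"body":"\u003cscript src=\"https://static.cdnkit.io/PLACEHOLDER.js\"\u003e\u003c/script\u003e"},
  {"id":2,"body":"<script src='/static/app.js'></script>"}]}`;
console.log(findInjectedScripts(JSON.parse(SAMPLE_JSON)));
```

A check like this complements, rather than replaces, a Content-Security-Policy that restricts script sources in the browser.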
Wallet Drainer Script and Phishing Tactics
The injected script was a “wallet drainer,” created to steal cryptocurrency from unsuspecting visitors. It operated by enticing victims to link their wallets to the site via fake Web3 wallet connection prompts. With a call to action to “Verify Wallet,” these popups instilled urgency and a sense of legitimacy that spurred users to take immediate action. This was a typical crypto phishing scheme, aimed at deceiving users into giving up credentials for their crypto wallets. Once a user authorized their wallet, the attack script could then drain the user’s funds.
Financial Impact and Attacker Tactics
The CoinMarketCap hack was devastating in its financial impact. About $43,000 worth of cryptocurrency was taken from users who were scammed by the phishing attack. In reality, the cost is likely far greater, since it also includes reputational harm to CoinMarketCap and erosion of trust in the cryptocurrency ecosystem.
Deceptive Web3 Popups
The scammers’ execution of Web3 popups was successful in this instance because it was modeled after a legitimate wallet connection request. A large subset of cryptocurrency users are regularly connecting their wallets to various platforms. So, understandably, the popups didn’t set off any alarm bells right away. Unfortunately, the attackers took advantage of this familiarity for their own ends.
Exploiting User Trust
Behind this attack’s success was an impressive effort to exploit user trust. With millions of active users, CoinMarketCap is a trusted and reliable information source for the overall cryptocurrency ecosystem. The attackers had successfully injected their malicious script into the official CoinMarketCap website. This allowed them to prey on users’ trust and deceive them into linking their wallets.
Actionable Steps to Protect Your Crypto Wallets
Here are actionable steps you can take to protect your crypto wallets from similar attacks:
Best Practices for Wallet Security
- Protect your seed/recovery phrase offline: Your seed phrase is the key to your crypto wallet. Never store it online or on any device connected to the internet. Make more than one copy and store them in secure, physical locations, such as safety deposit boxes or hidden safes.
- Use a cold wallet: Consider using a cold wallet, which is an offline wallet, such as a hardware or paper wallet, not connected to the internet. This significantly reduces the risk of online attacks.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This makes it harder for attackers to access your accounts, even if they obtain your username and password.
- Implement certificate pinning: For mobile apps, ensure the app only communicates with trusted servers, preventing man-in-the-middle (MitM) attacks.
Recognizing Phishing Scams
- Be cautious of sophisticated scams: Phishing scams are becoming increasingly sophisticated. They can involve glossy websites and brochures that appear to show celebrity endorsements from household names, making them difficult to spot. Always double-check the legitimacy of any website or communication before entering your credentials or connecting your wallet.
- Verify the legitimacy of a crypto wallet app: When transferring money for the first time, send only a small amount to confirm the legitimacy of a crypto wallet app. This can help you avoid falling victim to fake or malicious apps.
- Watch out for fake crypto sites: Fake crypto sites often operate in ways that seem legitimate, but can be designed to steal your information, such as your crypto wallet's password and recovery phrase. Always verify the URL and look for security indicators, such as a padlock icon in the address bar.
- Be aware of pharming attacks: Pharming attacks are particularly dangerous because they can be very difficult to spot. These attacks redirect you to a fake website even if you type the correct address. Always be vigilant and double-check the website's security certificate.
Security Tools and Resources
- Use a hardware wallet: Consider using a hardware wallet, such as Ledger or Trezor, which can provide an additional layer of security. Hardware wallets store your private keys offline, making them much more resistant to hacking.
- Hacken: A trusted blockchain security auditor on a mission to make Web3 safer. They offer a range of security services, including smart contract audits and penetration testing.
- Ziion Linux distro: A blockchain and smart contract security operating system (OS). It provides a secure environment for developing and managing blockchain applications.
- Cyberscope: One of the leading and recognized audit authorities in the crypto space. They provide comprehensive security audits for blockchain projects.
- OtterSec: A blockchain smart contract auditing company, securing top protocols across chains. They help ensure the security and reliability of smart contracts.
Additional Security Measures
In addition to the five steps described above, there are many other smart security practices you can adopt to safeguard your crypto assets.
Enhancing Account Security
- Enable two-factor authentication: Enable two-factor authentication when available to add an extra layer of security to your accounts. This can help prevent unauthorized access, even if your password is compromised.
- Use strong, unique passwords: Avoid using the same password for multiple accounts. Use a password manager to generate and store strong, unique passwords for each of your accounts.
- Regularly update software: Keep your operating system, web browser, and security software up to date. Software updates often include security patches that address vulnerabilities that attackers could exploit.
Staying Informed and Vigilant
- Stay informed about the latest security threats: The cryptocurrency landscape is constantly evolving, and new security threats emerge regularly. Stay informed about the latest threats by following reputable security blogs and news sources.
- Be skeptical of unsolicited offers: Be wary of unsolicited offers or promotions that seem too good to be true. These could be phishing scams or other types of fraudulent schemes.
- Report suspicious activity: If you notice any suspicious activity, such as unauthorized transactions or strange emails, report it immediately to the relevant authorities and cryptocurrency exchanges.
As bad as it sounds, the recent CoinMarketCap hack serves as one of many reminders that security is paramount within the cryptocurrency space. By following the steps outlined in this article, you can significantly reduce your risk of falling victim to similar attacks. Until next time, stay safe, stay educated, and as always, secure your crypto assets so you can use crypto with confidence!