In recent days, an attack was carried out on CoinMarketCap, but even though it was conducted on the official website, the attack was actually aimed at users of the platform.
In short, it was an attempt to phish users from the site, but carried out on the same website.
The ingenious attack on CoinMarketCap
The attackers first created an account for their project on CoinMarketCap and renamed it to CoinMarketCap, the site’s namesake.
They then inserted a link to a site that pretended to be the CoinMarketCap site, which appeared to be very similar and credible, but was actually under their control. Tokens were sold on this site.
The hackers then succeeded in hacking CoinMarketCap’s CryptTown social network, on which they created a series of verified accounts with which they posted messages stating that they were selling tokens.
In this way, the comments about the token sale scam appeared to have been made from the official CoinMarketCap account, as if the site itself was promoting the token sale.
The scam therefore appeared to be particularly credible, so much so that they managed to collect 12 ETH and 192 BNB, with a total value of $130,000.
The phishing landing page was put online overnight, according to European time, so it took them a while to intervene and remove it. Instead, they immediately started advertising it heavily.
This information was gathered and disseminated by Dmitry Mishunin, founder and CEO of smart contract auditing company HashEx.
Although it did not take long for the page to be removed, the attackers had enough time to convince several dozen people to send them funds.
CoinMarketCap is now owned by the famous exchange Binance, so such an initiative that appeared to be organized and promoted by CoinMarketCap itself should come as no surprise that it could succeed. If it had gone on a little longer it could have raised a lot more.
Frankly, it was not difficult to imagine that this was a suspicious initiative, but from a superficial analysis it might even seem vaguely legitimate. In such cases, the best thing to do is to investigate further, and never rely on appearances alone.