On Friday, several cryptocurrency users noticed an unusual popup on CoinMarketCap’s website, prompting visitors to “Verify Wallet.” The alert quickly raised concerns, with many suspecting it to be part of a phishing scam — a common trick used by hackers to steal wallet access or sensitive information from unsuspecting users.
Soon after these reports surfaced, CoinMarketCap acknowledged the problem in a post on its official X (formerly Twitter) account.
“We’ve identified and removed the malicious code from our site,” the company announced. However, it also made clear that its security team was still actively looking into the matter to make sure there were no further risks. “Our team is continuing to investigate and taking steps to strengthen our security,” the post added.
Experts and Wallet Providers Raise the Alarm
The suspicious popup caused immediate concern among cryptocurrency wallet providers and users alike. According to one user named Auri, the fake notification asked people to connect their wallets and grant access approvals to ERC-20 tokens — a move that could have allowed scammers to steal crypto funds from victims’ wallets.
Wallet providers such as MetaMask and Phantom quickly flagged the website for suspicious activity. Crypto user Jet claimed that both MetaMask and Phantom had marked CoinMarketCap’s site as unsafe. In fact, Phantom users with the browser extension were directly warned that the site was potentially dangerous to use during the incident.
CoinMarketCap Urges Caution
In its posts, CoinMarketCap repeatedly urged visitors not to connect their wallets to any prompts coming from the popup, warning that this was not a legitimate request from the company. The team assured users they were working hard to fully resolve the issue and prevent similar incidents in the future.
“We are aware of the malicious popup asking users to verify wallets and are addressing the issue,” CoinMarketCap stated.
Investigation Continues
As of now, CoinMarketCap says its investigation is ongoing, and further updates will be shared as more information becomes available. The platform also stated that additional security measures are being put in place to prevent such attacks in the future.
This event highlights the growing risk of phishing attacks in the crypto world, where scammers often exploit trusted platforms to deceive users. Industry experts continue to urge crypto holders to stay vigilant, double-check all wallet connection requests, and only trust verified sources.
USDS 
Toncoin 
Coinbase Wrapped BTC 
Pepe 
Bittensor