Cointelegraph's ad infrastructure was compromised to run a phishing scam posing as a CTG token airdrop. Learn how the attack worked and how to protect your wallet.
Cointelegraph Ad Exploit: What Happened?
Over the weekend, Cointelegraph, a trusted name in crypto news, fell victim to a sophisticated front-end exploit delivered through its ad infrastructure. The attack involved a fake pop-up advertising a bogus “CTG” token airdrop that lured users into connecting their crypto wallets. This phishing scam used Cointelegraph’s visual identity and fabricated data to deceive visitors, making it appear like a legitimate giveaway campaign.
Details of the Fake CTG Airdrop Scam
The pop-up claimed visitors had been selected to receive 50,000 “CTG” tokens—purportedly worth over US$5,500 (around AU$8,506)—as part of a supposed “fair launch.” Victims were encouraged to connect their wallets, unknowingly giving scammers access to sensitive data and digital assets. To reinforce the illusion, fake audit credentials and doctored token data were included.
How the Exploit Was Carried Out
Security researchers confirm that the breach came not through Cointelegraph’s core systems but through third-party ad scripts. Attackers inserted malicious JavaScript through an ad network integrated on the site. This kind of attack, known as a supply chain exploit, is becoming more common, particularly on high-traffic platforms.
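For site operators, the exposure described above can be made visible by listing every script a page loads from someone else's servers. The following is an added example, not code from Cointelegraph or the original article: it classifies external script tags by whether the host has been reviewed and whether the file is pinned with an `integrity` hash. All hostnames, the page URL and the hash value are constructed placeholders.

```javascript
// Added example: inventory the external <script> loads in a page's HTML.
// Every hostname and the integrity value below are constructed placeholders.
const SCRIPT_TAG = /<script\b([^>]*)>/gi; // limitation: assumes no ">" inside attribute values
const ATTR = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Returns one finding per script fetched from a host other than the page's own.
function auditScripts(html, pageUrl, reviewedHosts) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const tag of html.matchAll(SCRIPT_TAG)) {
    const attrs = parseAttrs(tag[1]);
    if (!attrs.src) continue; // inline script, nothing fetched
    let src;
    try { src = new URL(attrs.src, page); } catch { continue; } // malformed src
    if (src.hostname === page.hostname) continue; // first-party
    let status = "unreviewed"; // nobody has vetted this origin
    if (reviewedHosts.has(src.hostname)) {
      // Without an integrity hash the remote party can change the code at any time.
      status = attrs.integrity ? "reviewed-pinned" : "reviewed-unpinned";
    }
    findings.push({ host: src.hostname, url: src.href, status });
  }
  return findings;
}

const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script async src="https://ads.adnetwork.example/tag.js"></script>
<script src="https://cdn.reviewed.example/lib.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src='//widgets.unknown.example/w.js'></script>
<script>console.log("inline")</script>`;

function auditSample() {
  const reviewed = new Set(["ads.adnetwork.example", "cdn.reviewed.example"]);
  return auditScripts(SAMPLE_HTML, "https://news.example/article", reviewed);
}

for (const f of auditSample()) console.log(f.status.padEnd(17), f.url);
```

An ad network tag normally lands in `reviewed-unpinned`, because its content changes by design and cannot be hash-pinned; that category is the one a compromise like this travels through, so it is the list to keep short and monitor.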
Wider Implications and Similar Incidents
This is not an isolated incident. Just days earlier, CoinMarketCap experienced a similar attack with fake giveaways delivered through injected front-end code. These coordinated efforts show a growing trend: phishing scams using compromised ad systems on trusted platforms to reach unsuspecting users.
The Cointelegraph incident highlights how even secure websites can be exploited indirectly, making vigilance crucial. These types of scams rely on blending real branding with deceptive messaging to manipulate users into taking risky actions.
How to Stay Safe from Fake Airdrop Scams
- Never connect your wallet from a pop-up: If a website prompts you to connect your wallet via a pop-up or ad, exit immediately and verify directly on the official platform.
- Don’t trust ‘free tokens’ offers: Be wary of giveaways, especially those with high token values or time-limited offers. If it seems too good to be true, it probably is.
- Check for official announcements: Real airdrops are typically announced on the official websites or social media accounts of the project.
- Use browser extensions and ad blockers: Block malicious ad scripts with trusted browser extensions and ad-blocking tools.
- Keep wallets isolated: Use separate wallets for everyday use and for interacting with new projects, minimising risk to your main holdings.
- Report suspicious activity: If you’ve encountered a scam or lost access to your wallet, report it to Scamwatch and your wallet provider immediately.
As phishing tactics evolve, it's vital to stay informed and cautious. Even trusted websites like Cointelegraph are not immune to the vulnerabilities posed by third-party ad services.