Visitors to Cointelegraph encountered a deceptive pop-up on a recent Sunday, falsely claiming they had won 50,000 "CTG" tokens, purportedly valued at over $5,000. The fraudulent message was designed to appear legitimate, incorporating Cointelegraph's branding and familiar elements commonly associated with genuine cryptocurrency airdrops. Unsuspecting users were prompted to connect their crypto wallets, unwittingly exposing themselves to a scam before the fake offer vanished. Many had already clicked through, placing their funds at risk.

Cointelegraph issued an alert via its official Twitter account, warning users about the fraudulent pop-ups offering "CoinTelegraph ICO Airdrops" or "CTG tokens." The platform explicitly advised users not to click on these pop-ups, connect their wallets, or input any personal information, confirming that they were actively working on a fix for the issue.

According to reports from Scam Sniffer, the bogus pop-up mimicked a standard token drop interface, complete with a countdown timer and buttons. It deceptively advertised a reward worth $5,490 and labeled the process as "secure," "instant," and "verified," none of which were true. A critical red flag for users should have been the non-existence of a "CTG" token on major cryptocurrency data platforms like CoinGecko or CoinMarketCap, or any prominent blockchain explorer.

Security experts quickly traced the malicious JavaScript responsible for the pop-up not to Cointelegraph's core website code, but to its ad partner. Cointelegraph later confirmed that the security breach originated through its advertising system, rather than a flaw within its main infrastructure. This incident highlights a growing trend, as a similar hack affected CoinMarketCap during the same weekend, indicating a shift in attacker focus towards exploiting trusted ad networks to inject harmful scripts.

The threat posed by these attacks is significant: once a user clicked "connect," the hidden malicious code could covertly trigger wallet approvals and transfers without explicit consent, granting hackers blanket permission to drain funds from a connected wallet in mere seconds. This method is considered more dangerous than traditional phishing emails because it ambushes individuals on websites they trust, where they are less likely to be suspicious.

In response to the increasing prevalence of these ad-based attacks, there is growing pressure on cryptocurrency platforms to bolster the security of all third-party integrations. Experts advocate for more stringent audits of ad code, the implementation of sandboxing for third-party scripts, and continuous real-time monitoring of site activity. For end-users, installing ad blockers or script-blocking browser add-ons can serve as an effective preventative measure against these stealthy threats. The events of this weekend underscore a clear shift in attackers' modus operandi, moving away from email-based cons towards sophisticated front-end hacks targeting high-traffic, prominent websites, with Cointelegraph and CoinMarketCap being recent victims.