Verify a decision

{"actor":"system:backfill","investigation_id":"674e90a3-87f1-45b8-a266-ff1084c6dd58","kind":"publish","page_slug":"cointelegraph","published_at":"2026-05-19T15:18:32.340Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cointelegraph","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Cointelegraph is a major legitimate cryptocurrency news outlet that has been a victim of two distinct infrastructure compromises. In January 2024, attackers breached its email service provider MailerLite and sent phishing emails to subscribers using Angel Drainer malware, resulting in estimated losses of $580,000 to over $700,000 across affected platforms. In June 2025, attackers separately compromised Cointelegraph's banner advertising system to serve Inferno Drainer-linked pop-ups promoting a fake CTG token airdrop to site visitors.","timeline":[{"date":"2024-01-23","event":"Attackers use compromised MailerLite access to send phishing emails from Cointelegraph, WalletConnect, Token Terminal, De.Fi, and Decrypt official email addresses. Phishing emails promote fake airdrops and deploy Angel Drainer via malicious dApps. ZachXBT warns on Telegram and identifies attacker wallet address 0xe7D13137923142A0424771E1778865b88752B3c7.","source":"","source_url":"https://crypto.news/cointelegraph-others-sent-phishing-emails-in-presumed-hack/"},{"date":"2024-01-23","event":"ZachXBT reports over $580,000 has been drained from victims across multiple chains within hours of the campaign launch.","source":"","source_url":"https://decrypt.co/214033/hackers-target-crypto-email-lists-send-phishing-attacks-steal-700000"},{"date":"2024-01-24","event":"MailerLite confirms the breach, disclosing that a support team member was socially engineered via a fraudulent Google sign-in page. 117 accounts were initially reported as accessed (later revised to 70), with four used to launch phishing campaigns. MailerLite notified affected customers within 8 hours.","source":"","source_url":"https://www.mailerlite.com/newsroom/securityincidentnotice"},{"date":"2024-01-24","event":"Total losses from the MailerLite phishing campaign estimated at approximately $700,000 in liquid assets (Nansen's $3.3M figure revised downward after accounting for illiquid XBANKING tokens). Blockaid reports it protected an additional $2.7 million in user funds.","source":"","source_url":"https://decrypt.co/214033/hackers-target-crypto-email-lists-send-phishing-attacks-steal-700000"},{"date":"2025-06-21","event":"Cointelegraph's banner publishing system is briefly compromised. A malicious JavaScript payload is injected via a fraudulent ad network domain resembling AdButler, displaying a fake CTG token ICO airdrop pop-up connected to Inferno Drainer infrastructure.","source":"","source_url":"https://cryptoslate.com/cointelegraph-and-coinmarketcap-front-ends-compromised-with-scam-links-over-the-weekend/"},{"date":"2025-06-22","event":"Cointelegraph publicly warns users not to interact with pop-ups promoting CTG tokens or connect wallets to suspicious prompts. The compromised banner system is cleaned. Help Net Security and Scam Sniffer attribute both the Cointelegraph and CoinMarketCap attacks to Inferno Drainer customers.","source":"","source_url":"https://www.helpnetsecurity.com/2025/06/23/coinmarketcap-cointelegraph-compromised-to-serve-pop-ups-to-drain-crypto-wallets/"}]},"v":1}