This is a segment from The Drop newsletter. To read full editions, subscribe.

A security flaw on CoinMarketCap’s website let an attacker briefly add a malicious pop-up onto the homepage that resulted in victims losing thousands of dollars.

The MetaMask team warned users on Friday evening against connecting their wallets to CoinMarketCap’s website because the coin tracker’s frontend had been compromised to push a wallet drainer scam.

About an hour later, CoinMarketCap confirmed that visitors to its site should not connect their wallets when prompted.

Later that evening, CMC explained that a vulnerability in a “doodle image” on its homepage “contained a link…

Read more on Blockworks