Binance: Hackers Steal Millions Through a Chrome Plugin
The Chrome Plugin is called Aggr, stealing cookies from users and then using them to bypass the two-factor authentication verification and password to access the accounts.
According to a recent X statement, a trader based in China lost close to $1M to a scam from his Binance account. The victim lost all his life savings through a Chrome Plugin (Aggr) that steals the user’s cookies. The hackers then used the stolen data to bypass all the security measures and log into the accounts.
The trader, known as CryptoNakamao on X, explained that on May 24, their Binance account began trading independently, and he only noticed when he opened the Binance app to check its Bitcoin balance.
CryptoNakamao blames Binance for his loss, claiming that Binance did not implement essential security measures despite unusually high trading activity. By the time he sought assistance from Binance, the hacker had already withdrawn all funds.
“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform on time.”
The trader explained that although the hacker could not directly withdraw funds due to 2FA, they used the cookies and active login sessions to profit through cross-trading.
The trader alleged that the hacker purchased multiple tokens in the Tether trading pair with ample liquidity and placed limit sell orders above the market price in the Bitcoin, USD Coin, and other trading pairs with limited liquidity.
The hacker opened leveraged positions and bought a large amount, then completed the cross-trading. In a cross-trade, buy and sell orders for the same asset are offset without being recorded on the exchange.
Protecting your crypto is as essential as taking your profits, be careful!
