Chinese Trader Loses $1 Million in Binance Hack via Chrome Plugin Aggr
Summary:
A Chinese trader fell victim to a scam and lost $1 million. The fraud was orchestrated through a Google Chrome plugin called Aggr, which steals users' cookie data, allowing hackers to gain access to Binance accounts. The trader, nicknamed CryptoNakamao, identified abnormal trading activity in his account too late, and the hacker had already withdrawn all his funds. The trader blamed Binance for its lax security measures and accused the platform of inaction despite being aware of the ploy. Binance has not commented on the matter yet.
In a hacking scam carried out through a Google Chrome plugin named Aggr, a trader from China was reportedly defrauded of $1 million. By stealing users' cookies, this promotional plugin allowed the hackers to bypass password and two-factor authentication checks, granting them access to the unsuspecting user's Binance account. A trader who goes by the username CryptoNakamao on X described the experience of losing his entire savings to this scam. The incident occurred on May 24, when CryptoNakamao noticed random trading activity in his Binance account while checking the Bitcoin (BTC) price through the Binance app. Assistance from Binance arrived too late, as the hacker had already withdrawn all his funds.
CryptoNakamao explained how the hackers had exploited his web browser's cookie data, which they acquired through the Aggr Chrome extension. He had installed the extension to access data on significant traders, unaware that it was actually a malicious program designed to steal users' web browsing data and cookies. Using the stolen cookies, the hacker was able to hijack active user sessions and execute a series of leveraged trades on low-liquidity pairs for his own profit, without needing a password or authentication.
Although two-factor authentication (2FA) prevented direct fund withdrawals, the hacker used the cookies and active login sessions to profit through cross-trading instead. Through the Tether (USDT) trading pair, the hacker purchased numerous tokens with substantial liquidity and then placed limit sell orders above the market price on the Bitcoin, USD Coin (USDC), and other trading pairs with less liquidity. Finally, the hacker opened leveraged positions, bought in large and excess amounts, and completed the cross-trading.
The trader squarely blamed Binance for its lack of adequate security measures even amid unusually high trading activity. According to him, the exchange received complaints in time but did not take steps to curtail the activity. During his investigation, the trader found that Binance was already aware of the fraudulent plugin and had launched an internal investigation. However, Binance neither warned traders nor took action to stop the scam, despite knowing the hacker's address and the nature of the plugin scam. The trader stated, “While being aware of the theft and recurring cross-trading, Binance remained inactive. The hackers took over accounts for over an hour which led to abnormally high transactions in multiple currency pairs without any risk control measures. Binance failed to freeze the funds of the obvious hacker's single account on the platform in a timely manner.”
Binance has yet to respond to Cointelegraph's query for comments.
Published At
6/3/2024 1:43:23 PM