A Chinese trader fell victim to a hacking scheme, losing $1 million through a promotional Google Chrome plugin called Aggr. The plugin steals cookies, allowing hackers to bypass security measures like passwords and two-factor authentication to access victims' Binance accounts. The trader, known as CryptoNakamao on X, shared their story of losing their life savings. They discovered the unauthorized activity on their Binance account on May 24, noticing unusual trades when they checked Bitcoin's price on the Binance app, which had plummeted to $69,222. Unfortunately, by the time they reached out to Binance for help, the hacker had already withdrawn all their funds.
To engage in cross-trade on Binance, a hacker obtained cookie data
The trader stated that the hackers had obtained his browser's cookie information by using the Aggr Chrome plugin. After installing the plugin in order to access notable trader data, the trader discovered that malicious software had been developed to steal cookies and browser history from users.
The hacker then carried out many leveraged trades to drive up the price of low liquidity pairings and benefit from them by using the cookies he had obtained to take over active user sessions without a password or authentication.
The trader explained that even though the hacker couldn’t withdraw funds directly due to two-factor authentication (2FA), they used the cookies and active login sessions to make profits through cross-trading.
The trader claimed that the hacker bought several tokens in the Tether USDT$1.00 trading pair with abundant liquidity and placed limit sell orders exceeding the market price in the Bitcoin, USD Coin USDC$1.00 and other trading pairs with scarce liquidity.Finally, the hacker opened leveraged positions, bought a large amount in excess, and completed the cross-trading. A cross trade is a practice where buy and sell orders for the same asset are offset without recording the trade on the exchange.
Trader accuses Binance
The trader alleges that even with abnormally high trading volume, Binance failed to put in place necessary security measures. Moreover, they argued, the exchange did not act to halt it even after receiving timely complaints.
The trader's inquiry revealed that Binance was already carrying out an internal investigation and had been aware of the fraudulent plugin for some time. The trader said that even though Binance was aware of the hacker's address and the specifics of the plugin scam, it did not notify the traders or take any action to stop the fraud. The merchant penned:
Even though Binance was aware of the theft and regular cross-trading, it took no action. Without any risk control, hackers manipulated accounts for more than an hour, resulting in incredibly unusual transactions in numerous currency pairs. Binance neglected to promptly freeze the cash in the obvious hacker's only account on the site.
June 2024, Cryptoniteuae