Trader Falls Victim to Binance Hacking Scam via Chrome Plugin Access, Losing Millions
In a recent incident, a trader from China lost $1 million in a sophisticated hacking scam that exploited a compromised Google Chrome plugin. The plugin was able to gain unauthorized access to the trader’s Binance account by stealing cookies, bypassing security measures and resulting in a significant financial loss.
The attack on the trader’s Binance account was facilitated by a Google Chrome plugin called Aggr. This malicious plugin stole user cookies, which allowed hackers to bypass password and two-factor authentication (2FA) protections, ultimately gaining access to the victim’s Binance account. The trader, known as CryptoNakamao on X, shared the details of the incident on the platform.
On May 24, CryptoNakamao noticed unusual trades on their Binance account and realized the severity of the situation after checking the Bitcoin price on the Binance app. Unfortunately, by the time they sought help from Binance, the hacker had already withdrawn all the funds.
The hackers exploited the stolen cookie data obtained through the Aggr plugin, which the trader had installed to access data from prominent traders. This plugin was designed to steal web browsing data and cookies. Because a session cookie identifies a login that has already passed the password and 2FA checks, replaying it allows hackers to hijack the active user session without requiring a password or authentication.
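As a defensive check for the risk described above, the following added example (not from the original article, and not based on the real Aggr plugin's code) audits Chrome extension manifests for the combination that lets an extension read a site's session cookies: the `cookies` permission plus host access covering that site. The sample manifests are constructed, and `www.binance.com` is assumed as the host to protect.

```python
# Constructed sample manifests for illustration; none is the real Aggr manifest.
SAMPLES = {
    "trader-data-helper": {"manifest_version": 3,
                           "permissions": ["cookies", "storage"],
                           "host_permissions": ["<all_urls>"]},
    "price-ticker": {"manifest_version": 2,  # MV2 mixes hosts into "permissions"
                     "permissions": ["cookies", "https://*.binance.com/*"]},
    "dark-theme": {"manifest_version": 3, "permissions": ["storage"],
                   "host_permissions": ["<all_urls>"]},
    "notes": {"manifest_version": 3, "permissions": ["cookies"],
              "host_permissions": ["https://example.org/*"]},
}

def host_covers(pattern, host):
    """True if a Chrome match pattern grants access to `host` (scheme ignored)."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "storage", not a host
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.example.com" covers the apex and subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def cookie_access(manifest, host):
    """Host patterns that, with the 'cookies' permission, expose `host` cookies."""
    # Optional permissions count too: they can be granted later at runtime.
    perms = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    if "cookies" not in perms:
        return []
    hosts = (perms + manifest.get("host_permissions", [])
             + manifest.get("optional_host_permissions", []))
    return [p for p in hosts if isinstance(p, str) and host_covers(p, host)]

def audit(manifests, host):
    """Map extension name -> matching patterns, for extensions worth reviewing."""
    return {name: hits for name, m in manifests.items()
            if (hits := cookie_access(m, host))}

if __name__ == "__main__":
    for name, hits in audit(SAMPLES, "www.binance.com").items():
        print(f"REVIEW {name}: cookies permission with host access via {hits}")
```

To use it on a real machine, load each installed extension's `manifest.json` into the dictionary instead of the constructed samples.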
The hackers engaged in multiple leveraged trades to manipulate the prices of low-liquidity pairs and profit from their actions. Despite the presence of 2FA protections, the hackers used the stolen cookies and active login sessions to conduct cross-trading, purchasing various tokens in the highly liquid Tether trading pair. They placed limit sell orders at prices higher than the market prices of Bitcoin, USD Coin, and other low-liquidity trading pairs. By opening leveraged positions and buying large amounts, they completed cross-trading without recording the transactions on the exchange.
CryptoNakamao criticized Binance for failing to implement necessary security measures despite the unusually high trading activity and for not taking action even after timely complaints were made. During their investigation, CryptoNakamao discovered that Binance was already aware of the fraudulent plugin and was conducting an internal investigation. However, Binance allegedly did not inform traders or take preventive measures against the fraud, despite knowing the hacker’s address and the nature of the scam.
The incident at Japanese Bitcoin exchange DMM also highlights the increasing frequency of crypto heists. DMM experienced a major security breach recently, resulting in the loss of 4,502.9 bitcoins valued at 48.2 billion yen (USD 305 million). Although DMM assured its customers that their Bitcoin deposits would be fully guaranteed and plans to procure the equivalent amount of lost BTC with support from partner companies, this incident ranks as one of the largest exchange hacks in terms of fiat value, comparable to the Mt. Gox hack in 2014 and the CoinCheck hack in 2018.
Furthermore, a recent investigation by blockchain sleuth ZachXBT uncovered the manipulation of cryptocurrency prices by the creators of the Solana-based memecoin CAT. The hackers gained access to the Twitter account of crypto influencer Gigantic-Cassocked-Rebirth (GCR) and used it to promote ORDI and Luna 2.0 tokens, resulting in price spikes. The CAT team, which controlled over 63% of the token supply, sold $5 million worth of CAT and used the profits for trading on Hyperliquid. The attackers also opened significant positions on ORDI and Ether.fi (ETHFI), making a profit of $34,000 from ORDI but losing $3,500 on ETHFI.
These incidents serve as a reminder of the increasing risks associated with the crypto industry and the importance of implementing robust security measures to protect traders and investors.