A new wave of cybercrime has struck, targeting Binance users through a malicious Chrome plugin. The incident has left traders devastated, with one Chinese trader losing $1 million.
On May 24, a trader, known as CryptoNakamao on X, discovered his Binance account was being drained through unauthorized trades. This alarming discovery was made while checking Bitcoin prices on the Binance app. Despite seeking help from Binance, the funds were already gone by the time assistance arrived.
The hackers exploited a Chrome plugin called Aggr, which was promoted to access prominent trader data. However, it was a front to steal users’ web browsing data and cookies. These cookies allowed hackers to hijack active sessions, bypassing passwords and two-factor authentication (2FA).
Using the stolen cookies, the hackers conducted multiple leveraged trades. They manipulated low liquidity pairs to profit without needing direct access to withdraw funds, effectively bypassing Binance’s 2FA security.
The hackers executed their plan by buying tokens in Tether pairs with abundant liquidity and placing inflated limit sell orders in Bitcoin and USD Coin pairs, which had scarce liquidity. By opening leveraged positions, they manipulated the market to cross-trade, profiting significantly without recording the trades on the exchange.
The affected trader criticized Binance, accusing the exchange of failing to implement critical security measures despite noticing unusual trading activities. According to the trader, Binance was aware of the fraudulent plugin but did not alert users or take preventive actions.
“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account on the platform on time,” the trader stated.
This incident serves as a stark reminder for traders to exercise caution and ensure robust security measures to protect their assets from such sophisticated cyber threats.