Hackers used a Google Chrome plug-in to steal over a million dollars from a Binance account.
The fraudulent plug-in, named Aggr, was designed to steal browser cookies, which allowed the hackers to bypass security measures such as passwords and two-factor authentication (2FA).
A trader from China with the username @CryptoNakamao on X shared that they lost their entire savings due to this security breach.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer videos every week!
On May 24, CryptoNakamao noticed unusual trading activities in their Binance account. Despite immediately seeking assistance from Binance, the hackers had already drained all funds by the time help arrived.
The hackers exploited the Aggr plug-in to access the trader’s browser cookies, enabling them to hijack active sessions without needing passwords or 2FA. Although the plugin was promoted as a tool for accessing top trader data, it was actually intended to steal browsing information.
Once they had the cookies, the hackers manipulated prices by executing leveraged trades. They bought tokens in highly liquid Tether (USDT) pairs and placed inflated sell orders in less liquid pairs like Bitcoin (BTC) and USD Coin (USDC). They opened leveraged positions, offsetting buy and sell orders for the same asset without recording the trades on the crypto exchange.
CryptoNakamao criticized Binance for not having adequate security measures to flag the unusually high trading activity, despite being aware of the malicious plug-in. They said:
Binance did nothing even though it was aware of the theft and frequent cross-trading. Hackers manipulated accounts for more than an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform in a timely manner.
This breach emphasizes the need for stronger security protocols and quicker responses from platforms like Binance to protect users from financial losses.
In other news, the Canadian Anti-Fraud Centre has recently reported a rise in “pig butchering” scams through dating apps and websites, where scammers build trust through romance and then lure victims into crypto investments.
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.