
Binance Falls Victim to a Chrome Plugin, Trader Loses $1 Million


TL;DR

  • A Chinese trader lost $1 million on Binance due to a hack related to the Chrome plugin “Aggr”.
  • Despite having two-factor authentication enabled, the hacker accessed the trader’s account using cookies and active login sessions.
  • Although Binance was aware of the malicious plugin, it did not implement adequate security measures or take action to stop the fraud.

A Chinese trader suffered a devastating loss of $1 million on Binance due to a hack involving the use of a Google Chrome plugin called Aggr. The incident has raised concerns about the security of funds on the renowned crypto platform.

CryptoNakamao, the affected trader, shared his experience in which his Binance account started making random trades on May 24. Although two-factor authentication (2FA) was enabled, the hacker managed to access his account using cookies and active login sessions. Through a process of cross-trading, the thief was able to steal almost all of Nakamao’s account funds.

The trader expressed dismay upon discovering that his assets had been wiped out in this manner, describing it as a loss representing most of his savings from several years. He revealed that he did not notice the fraudulent trades until he opened the Binance app to check Bitcoin’s price.

The method used to carry out the theft involved accessing the trader’s browser cookie data through a Chrome plugin called ‘Aggr’. Once installed, this malicious plugin allowed the hacker to initiate active user sessions without the need for a password or additional authentication.
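The article does not say which permissions the plugin requested. As an added example (not from the article, Binance, or the plugin), the following audit flags installed extensions whose manifest would let them read a given site's cookies through the `chrome.cookies` API, which requires the `cookies` permission plus host access to that site. The manifests, extension names, and the `exchange.example` host are constructed for illustration.

```python
import re

# Constructed sample manifests; extension names and hosts are illustrative.
SAMPLE_MANIFESTS = {
    "price-chart-helper": {"manifest_version": 3, "permissions": ["cookies"],
                           "host_permissions": ["<all_urls>"]},
    "dark-theme": {"manifest_version": 3, "permissions": ["storage"],
                   "host_permissions": ["https://*.exchange.example/*"]},
    "legacy-ticker": {"manifest_version": 2,
                      "permissions": ["cookies", "https://*.exchange.example/*"]},
    "news-reader": {"manifest_version": 3, "permissions": ["cookies"],
                    "host_permissions": ["https://news.example.org/*"]},
}

# scheme://host/path match pattern; host is "*", "*.base", or an exact name.
MATCH_PATTERN = re.compile(r"^(\*|https?)://(\*|(?:\*\.)?[^/*]+)/")


def pattern_covers_host(pattern, host):
    """True if a Chrome match pattern's host part covers `host`."""
    if pattern == "<all_urls>":
        return True
    m = MATCH_PATTERN.match(pattern)
    if not m:
        return False  # API permission name, file://, or malformed pattern
    pat_host = m.group(2)
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host


def can_read_cookies(manifest, host):
    """chrome.cookies needs the 'cookies' permission plus host access."""
    # Optional permissions can be granted at runtime, so count them too.
    api = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    if "cookies" not in api:
        return False
    # MV3 lists hosts in host_permissions; MV2 mixes them into permissions.
    hosts = (api + manifest.get("host_permissions", [])
             + manifest.get("optional_host_permissions", []))
    return any(pattern_covers_host(p, host) for p in hosts)


def audit(manifests, host):
    """Names of extensions able to read cookies for `host`, sorted."""
    return sorted(n for n, m in manifests.items() if can_read_cookies(m, host))
```

An extension with host access but without the `cookies` permission can still read cookies that are not marked HttpOnly through a content script, so this check covers only the `chrome.cookies` path.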


Binance's Ineffective Response

The thief(s) took advantage of these active sessions to execute multiple leveraged trades, manipulating the price of low-liquidity pairs and profiting from these manipulations. Despite the unusual trading activity and the relevant complaints it received from the affected trader, Binance did not implement critical security measures or take action to stop the fraudulent behavior.

Although Binance was aware of the fraudulent plugin and had initiated an internal investigation, it did not notify traders or implement measures to prevent similar incidents in the future. Only recently has it made a statement via Twitter, alerting users and providing some tips to avoid falling victim to this type of fraud.

The affected trader expressed disappointment with Binance’s response, especially because the platform took over a day to notify other exchanges, such as Kucoin and Gate, to freeze the funds transferred by the hacker. Although the trader acknowledged the professionalism of certain members of the platform’s support team, he remains concerned about the security of users’ funds and warns other investors about the risks of using centralized exchanges and hackable plugins.
