
Binance Falls Victim to a Chrome Plugin, Trader Loses $1 Million


TL;DR

  • A Chinese trader lost $1 million on Binance due to a hack related to the Chrome plugin “Aggr”.
  • Despite having two-factor authentication enabled, the hacker accessed the trader’s account using cookies and active login sessions.
  • Although Binance was aware of the malicious plugin, it did not implement adequate security measures or take action to stop the fraud.

A Chinese trader suffered a devastating loss of $1 million on Binance due to a hack involving the use of a Google Chrome plugin called Aggr. The incident has raised concerns about the security of funds on the renowned crypto platform.

CryptoNakamao, the affected trader, shared his experience in which his Binance account started making random trades on May 24. Although two-factor authentication (2FA) was enabled, the hacker managed to access his account using cookies and active login sessions. Through a process of cross-trading, the thief was able to steal almost all of Nakamao’s account funds.

The trader expressed dismay upon discovering that his assets had been wiped out in this manner, describing it as a loss representing most of his savings from several years. He revealed that he did not notice the fraudulent trades until he opened the Binance app to check Bitcoin’s price.

The method used to carry out the theft involved accessing the trader’s browser cookie data through a Chrome plugin called ‘Aggr’. Once installed, this malicious plugin allowed the hacker to initiate active user sessions without the need for a password or additional authentication.
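As an added example (not from the article, the trader, or Binance), this Python check lists the extensions in a Chrome profile's Extensions folder whose manifest combines the `cookies` permission with host access covering a given site. The host `www.binance.com`, the sample manifests and the function names are assumptions for illustration; the article does not say which permissions Aggr requested.

```python
import json
import re
from pathlib import Path

WEB_SCHEMES = {"*", "http", "https"}

def pattern_covers(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern grants access to `host`."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^([a-z*]+)://([^/]*)/", pattern)
    if not m or m.group(1) not in WEB_SCHEMES:
        return False
    phost = m.group(2)
    if phost == "*":
        return True
    if phost.startswith("*."):  # wildcard covers the domain and its subdomains
        return host == phost[2:] or host.endswith(phost[1:])
    return host == phost

def cookie_access(manifest: dict, host: str) -> list:
    """Host patterns that let the extension read cookies for `host` ([] if none)."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    if "cookies" not in perms:
        return []
    # Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
    hosts = perms + list(manifest.get("host_permissions", []))
    return [p for p in hosts if pattern_covers(p, host)]

def scan_extensions(ext_dir: str, host: str) -> dict:
    """Map extension id -> covering patterns for each installed manifest."""
    findings = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):  # <id>/<version>/manifest.json
        hits = cookie_access(json.loads(path.read_text(encoding="utf-8")), host)
        if hits:
            findings[path.parts[-3]] = hits
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "broad_v3": {"permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
    "scoped_v2": {"permissions": ["cookies", "https://*.binance.com/*"]},
    "no_cookies": {"permissions": ["storage"], "host_permissions": ["<all_urls>"]},
    "other_site": {"permissions": ["cookies"], "host_permissions": ["https://example.org/*"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, cookie_access(manifest, "www.binance.com"))
```

An extension flagged here can read the session cookies for that site, which is why 2FA at login does not help once a session is already active.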


Binance's Ineffective Response

The thief or thieves took advantage of these active sessions to execute multiple leveraged trades, manipulating the price of low-liquidity pairs and profiting from these manipulations. Despite the unusual trading activity and the complaints it received from the affected trader, Binance did not implement critical security measures or take action to stop the fraudulent behavior.

Although Binance was aware of the fraudulent plugin and had initiated an internal investigation, it did not notify traders or implement measures to prevent similar incidents in the future. Only recently has it made a statement via Twitter, alerting users and providing some tips to avoid falling victim to this type of fraud.

The affected trader expressed disappointment with Binance's response, especially because the platform took over a day to notify other exchanges, such as Kucoin and Gate, to freeze the funds transferred by the hacker. Although the trader acknowledged the professionalism of certain members of the platform's support team, he remains concerned about the security of users' funds and warns other investors about the risks of using centralized exchanges and hackable plugins.
