Millions Lost: Malicious Chrome Plugin Exploited Binance Accounts
A Chinese trader recently fell victim to a sophisticated hacking scheme, losing a staggering $1 million from their Binance account. The culprit? A seemingly innocuous Google Chrome plugin called Aggr.
Aggr, disguised as a promotional plugin, contained malicious code that stole user cookies. These cookies, crucial for maintaining login sessions, were then exploited by hackers to bypass security measures like passwords and two-factor authentication (2FA) on the victim’s Binance account.
The trader, known online as CryptoNakamao, recounted the harrowing experience on platform X. They described noticing unusual trading activity within their Binance account on May 24th. Upon checking the app, they discovered unauthorized trades happening in real-time. Sadly, by the time CryptoNakamao contacted Binance for help, the hackers had already drained the entire account.
Exploiting Cookies for Cross-Trading
The stolen cookies allowed hackers to hijack CryptoNakamao’s active session on Binance. This essentially gave them control of the account without needing the password or additional verification. The hackers then executed a series of leveraged trades, a risky strategy that involves borrowing funds from the exchange to amplify potential profits.
Their goal? To manipulate the price of low-liquidity trading pairs (meaning there weren’t many buyers or sellers). Here’s how:
- Hackers first purchased tokens in a highly liquid pair (e.g., Tether) and placed inflated sell orders on low-liquidity pairs like Bitcoin or USD Coin.
- By leveraging their position and buying a large amount of the low-liquidity token, they could artificially inflate the price.
- With the price artificially high, they could then sell their earlier purchases at a profit through the pre-placed sell orders.
This deceitful practice, known as cross-trading, allows hackers to profit without actually recording the transaction on the exchange itself.
Binance Under Fire
CryptoNakamao blames Binance for failing to implement adequate security measures, despite red flags like the abnormally high trading activity. They allege that Binance was aware of the fraudulent Aggr plugin and the ongoing cross-trading scheme, yet took no action to protect users.
The trader claims Binance knew the hacker’s address and the nature of the scam but neglected to warn its users or freeze the hacker’s account. This lack of intervention ultimately allowed the hackers to steal a significant sum of money.
