Trader Loses Millions in Binance Hacking Scam via Chrome Plugin Access
A Chinese trader recently fell victim to a sophisticated hacking scam, losing $1 million due to a compromised Google Chrome plugin, which gained access to the trader’s Binance account.
The plugin stole cookies, allowing hackers to bypass security measures and access the trader’s Binance account, resulting in a significant financial loss.
Google Chrome Plugin-facilitated Attack on the Trader’s Binance Account
Today, it was reported that a Chinese trader lost $1 million in a hacking scam involving a Google Chrome plugin called Aggr. This plugin stole user cookies, which hackers then used to bypass password and two-factor authentication (2FA) protections to gain access to the victim’s Binance account. The trader, who uses the username CryptoNakamao on X, shared the details of the incident on the platform.
https://twitter.com/CryptoNakamao/status/1797519128632381847
On May 24, CryptoNakamao noticed random trades on their Binance account and realized the severity of the situation only after checking the Bitcoin price on the Binance app.
Unfortunately, by the time they sought help from Binance, the hacker had already withdrawn all the funds.
“I contacted customer service immediately, but during this process, the hacker was still operating my account. Logically, the hacker’s funds must still be on the platform, but the response I got from Binance was that the hacker withdrew all his funds from Binance safely.”
The hackers reportedly exploited cookie data stolen via the Aggr plugin, which the trader had installed to access data from prominent traders. The plugin was malicious software designed to steal web browsing data and cookies. With this data, hackers hijacked active user sessions without a password or authentication.
They conducted multiple leveraged trades to manipulate the prices of low liquidity pairs and profit from these actions.
Despite 2FA protections, the hackers used stolen cookies and active login sessions to cross-trade, buying several tokens in the highly liquid Tether trading pair. They placed limit sell orders exceeding market prices in Bitcoin, USD Coin, and other low-liquidity trading pairs. By opening leveraged positions and buying large amounts, they completed cross-trading without recording the transactions on the exchange.
CryptoNakamao criticized Binance for not implementing necessary security measures despite the unusually high trading activity and for failing to act even after timely complaints.
During their investigation, CryptoNakamao discovered that Binance was already aware of the fraudulent plugin and was conducting an internal investigation.
However, despite knowing the hacker’s address and the nature of the scam, Binance allegedly did not inform traders or take action to prevent the fraud.
“Binance did nothing even though it knew of the theft and frequent cross-trading,” CryptoNakamao wrote.
“Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account on the platform on time.”
Crypto Heist Increasing Gradually
Japanese Bitcoin exchange DMM recently experienced a significant security breach on Friday, resulting in the loss of 4,502.9 bitcoins valued at 48.2 billion yen (USD 305 million). DMM confirmed the hack publicly, describing it as an “unauthorized leak of Bitcoin from our wallet.”
Despite the severity of the hack, DMM assured its customers that their Bitcoin deposits would be fully guaranteed. With support from partner companies, DMM plans to procure the equivalent amount of lost BTC. This incident marks one of the largest exchange hacks by fiat value, with historical comparisons to the Mt. Gox hack of 2014 and the CoinCheck hack of 2018.
A recent investigation by blockchain sleuth ZachXBT also revealed that the creators of the Solana-based memecoin CAT hacked the Twitter account of crypto influencer Gigantic-Cassocked-Rebirth (GCR) to manipulate cryptocurrency prices.
On May 26, the hackers used GCR’s account to promote ORDI and Luna 2.0 tokens, causing price spikes. ZachXBT found that the CAT team, which controlled over 63% of the token supply, sold $5 million worth of CAT and funneled some profits into trading on Hyperliquid. The attackers also opened significant positions on ORDI and Ether.fi (ETHFI), profiting $34,000 from ORDI but losing $3,500 on ETHFI.
