Hackers exploit Chrome plugin to steal millions from Binance accounts – Cointelegraph

Update (04/06/2024 at 19h30 UTC): This article has been updated to include comment from a Binance spokesperson.

A Chinese trader lost $1 million to a hacking scam using a promotional Google Chrome plugin called Aggr. The promotional plugin steals cookies from users, which hackers use to bypass password and two-factor authentication (2FA) verification and log into the victim's Binance account.

A trader took to X to recount the ordeal of losing their life savings to an unexpected scam. The trader, who goes by the X username CryptoNakamao, said that on May 24, their Binance account started trading randomly, and they only realized this after opening the Binance app to check the Bitcoin (BTC) price.

By the time he sought assistance from Binance, the hacker had already withdrawn all funds.

The trader claimed that the hackers had gained access to his web browser cookie data, which they had stolen via a Chrome plugin called Aggr. The trader installed the plugin to access prominent trader data, only to realize that the malicious software was created to steal users' web browsing data and cookies.

The hacker then used the collected cookies to hijack active user sessions without a password or authentication and carried out multiple leveraged trades to spike the price of low liquidity pairs and profit from them.

The trader explained that even though the hacker couldn't withdraw funds directly due to 2FA, they used the cookies and active login sessions to make profits through cross-trading.

The trader claimed that the hacker bought several tokens in the Tether (USDT) trading pair with abundant liquidity and placed limit sell orders exceeding the market price in the Bitcoin, USD Coin (USDC) and other trading pairs with scarce liquidity.

Finally, the hacker opened leveraged positions, bought a large amount in excess, and completed the cross-trading. A cross trade is a practice where buy and sell orders for the same asset are offset without recording the trade on the exchange.

The trader claims that Binance did not implement essential security measures despite unusually high trading activity. Furthermore, even after receiving timely complaints, the exchange failed to take action to stop it, they added.

In their investigation, the trader discovered that Binance had been aware of the fraudulent plugin for quite some time and was already conducting an internal investigation. Despite knowing the hacker's address and the nature of the plugin scam, the trader claimed Binance failed to inform the traders or take any actions to prevent the fraud. The trader wrote:

A spokesperson from Binance told Cointelegraph that an investigation into the incident uncovered that the affected user had assumed a separate incident from 1st March was due to the fraudulent aggr.trade plugin based on an X post dated 28th May.

"Our investigation of that incident did not find any such plugin based on the data and material provided to us by the user at that time. Prior to the X post a community influencer had alerted us to the plugin on 27th May and we immediately implemented additional security measures," the spokesperson said.

A subsequent post from the affected user translated by Cointelegraph notes that he had made some biased or unfounded accusations in his initial personal investigations into the incident.
