A trader from China became a victim of a hacking scam leading to a loss of $1 million through a deceptive Google Chrome plugin called Aggr. This promotional plugin is designed to extract cookies from users, enabling hackers to bypass password and two-factor authentication security measures and gain unauthorized access to the victim's Binance account.
The trader shared the traumatic experience of losing substantial savings unexpectedly to a scam. Known as CryptoNakamao on the platform X, the trader narrated the events that unfolded on May 24 when his Binance account displayed unusual trading activity, which he noticed when checking the Bitcoin price on the Binance app.
Upon reaching out to Binance for help, the trader found out that all the funds had already been withdrawn by the hacker.
Unauthorized Trading Exploiting Cookie Data
The trader revealed that the hackers exploited his web browser's cookie data, which they acquired via the malicious Chrome plugin, Aggr. Initially installed for accessing significant trader data, the plugin turned out to be a tool for unauthorized collection of users' browsing information and cookies.
By utilizing these stolen cookies, the hackers gained access to active user sessions without the need for a password or authentication. They then proceeded to conduct leveraged trades that artificially manipulated the prices of low liquidity pairs to generate profits from the illicit trading activities.
Binance Criticism and Security Issues
Blaming Binance for the security breach, the trader highlighted the lack of essential security measures despite the abnormal trading behavior. The trader criticized Binance for its alleged ineffective response even after being notified about the suspicious activities.
During the investigation, the trader discovered that Binance was aware of the fraudulent plugin and was investigating internally. Despite having knowledge of the hacker's identity and the nature of the scam, Binance reportedly failed to inform traders or take preventive actions against the malicious activities.
Quoting the trader:
"Binance remained passive despite being informed about the theft and continuous cross-trading. For over an hour, hackers manipulated accounts, engaging in highly irregular transactions in various currency pairs without any risk management measures. Binance did not freeze the funds of the apparent hacker's account on the platform in a timely manner."
Cointelegraph's attempts to obtain a response from Binance remained unanswered at the time of reporting.
