Hackers used a Google Chrome plug-in to steal over a million dollars from a Binance account.
The fraudulent plug-in, named Aggr, was designed to steal browser cookies, which allowed the hackers to bypass security measures such as passwords and two-factor authentication (2FA).
A trader from China with the username @CryptoNakamao on X shared that they lost their entire savings due to this security breach.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Liquidity Pool in Crypto? (Animated)
On May 24, CryptoNakamao noticed unusual trading activities in their Binance account. Despite immediately seeking assistance from Binance, the hackers had already drained all funds by the time help arrived.
The hackers exploited the Aggr plug-in to access the trader's browser cookies, enabling them to hijack active sessions without needing passwords or 2FA. Although the plugin was promoted as a tool for accessing top trader data, it was actually intended to steal browsing information.
Once they had the cookies, the hackers manipulated prices by executing leveraged trades. They bought tokens in highly liquid Tether (USDT) pairs and placed inflated sell orders in less liquid pairs like Bitcoin (BTC) and USD Coin (USDC). They opened leveraged positions, offsetting buy and sell orders for the same asset without recording the trades on the crypto exchange.
CryptoNakamao criticized Binance for not having adequate security measures to flag the unusually high trading activity, despite being aware of the malicious plug-in. They said:
Binance did nothing even though it was aware of the theft and frequent cross-trading. Hackers manipulated accounts for more than an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform in a timely manner.
This breach emphasizes the need for stronger security protocols and quicker responses from platforms like Binance to protect users from financial losses.
In other news, the Canadian Anti-Fraud Centre has recently reported a rise in "pig butchering" scams through dating apps and websites, where scammers build trust through romance and then lure victims into crypto investments.
