Hackers Steal Millions from Binance Accounts

A Chinese trader lost $1 million due to a hacking scam involving a deceptive Google Chrome plugin named Aggr.

This plugin steals users' cookies, which the hackers then use to circumvent password and two-factor authentication (2FA) verifications, gaining access to the victim’s Binance account.

The trader, who uses the X username CryptoNakamao, shared on X how they lost their life savings to this unforeseen scam.

They noticed on May 24 that their Binance account began executing random trades, a discovery made only after they opened the Binance app to check Bitcoin prices.

By the time they sought help from Binance, the hacker had already siphoned off all the funds.

The trader explained that the hackers accessed his web browser's cookie data through a Chrome plugin named Aggr, which he had installed hoping to access data from prominent traders, only to find out it was malware designed to steal web browsing data and cookies.

The hacker exploited these stolen cookies to bypass the need for a password or authentication, conducting several leveraged trades to artificially inflate the prices of certain low liquidity pairs for profit.

The trader described that although the hacker could not directly withdraw funds due to 2FA, they utilized the cookies and active login sessions to execute profitable trades across different pairs.

The trader detailed how the hacker purchased multiple tokens in the Tether trading pair, which had high liquidity, and set limit sell orders well above the market price in the Bitcoin, USD Coin, and other less liquid trading pairs.

Subsequently, the hacker took on leveraged positions, bought large amounts excessively, and completed the cross-trading.

Cross trading is an activity where buy and sell orders for the same asset are matched without the transaction being recorded on the exchange.

The trader criticized Binance for not implementing adequate security checks despite the high volume of unusual trading activity and claimed that even after complaints were promptly filed, the exchange did not act swiftly to halt the activities.

During their own investigation, the trader found out that Binance had been aware of the malicious plugin for some time and was already investigating it internally.

Despite this knowledge and being aware of the hacker’s address and the nature of the plugin scam, the trader accused Binance of failing to alert its traders or take preventive measures against the fraud.

The trader wrote:

“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform on time.”

Sources:

https://cointelegraph.com/news/hackers-steal-millions-chrome-plugin-binance-scam

https://x.com/CryptoNakamao/status/1797519128632381847