Are Your Crypto Extensions Safe? $1M Binance Hack Reveals Risks

A recent $1 million hack of a Binance user highlights the dangers of malicious browser extensions.

Hacker watching Hong Kong Binance getting hacked.
Created by Kornelija Poderskytė from DailyCoin
  • Hacker exploits browser extension and stole $1M by hijacking web cookies.
  • Binance failed to free the hacker’s funds promptly.
  • Browser extensions are a major vulnerability for users. 

Keeping funds safe in the cryptocurrency world is increasingly challenging as cyber threats evolve. As one user recently found out, threats can come from rather unexpected sources, like browser extensions. 

Recently, Binance user reported losing $1 million from their account due to a hack facilitated by a malicious Chrome extension. This incident highlights the critical security risks associated with browser extensions.

How One Browser Extension Costs a User $1 Million

On Monday, June 3, one Binance user revealed that their account had been compromised, resulting in a loss of their savings amounting to $1 million. After contacting a security company, the user discovered that a browser extension “Aggr” was responsible. 


The since-deleted extension was available on the Chrome Web Store and could be used on most major browsers, including Google Chrome, Microsoft Edge, Opera, and Brave. According to the investigation, the extension collected the user’s cookies, especially those linked to Binance’s website. It then forwarded them to the hacker’s server.

Once in control of the cookies, the hacker could gain control of the account, bypassing the user’s password and two-factor authentication (2FA). Thanks to Binance’s slow response, the hacker managed to withdraw about $1 million from the account, most of the user’s savings. 

While Binance’s response could have been better in this case, the hack showcases just how dangerous malicious browser extensions can be. 

How to Protect Yourself From Dangerous Browser Extensions

Browser extensions, while providing various functionalities, pose significant security risks. Extensions typically require extensive permissions to function effectively, granting them access to browsing history, cookies, and passwords. This makes them prime targets for hackers, who either seek to exploit extensions or publish their extensions with malicious code in them. 


What is worse, extensions on Chrome Web Store are not manually verified for malware, and automated processes can miss malicious code. To ensure an extension is safe, a user should review its code manually. This, however, takes time and expertise. 

For most users, to reduce the risk of browser extensions they should: 

1. Remove All Unnecessary Browser Extensions: Review your installed extensions regularly and uninstall any that are no longer needed or recognized.

2. Never Use Obscure Extensions: Only use extensions developed by well-known publishers or those with large, active user communities. 

3. Review Permissions: Before installing an extension, carefully review the permissions it requests. Be cautious of extensions that ask for access to data unrelated to their primary function​. 

4. Clear Cookies Regularly: Clearing cookies removes stored session data that could be hijacked. Users can set up automatic intervals for clearing cookies in their browsers. 

By following these steps, users can protect themselves from at least some of the risks of browser hijacking, and its potential catastrophic consequences. 

On the Flipside

  • Binance frequently freezes funds from wallets associated with hacks, as it did in the case of the Ripple co-founder hack. 
  • In February, just 20 crypto hacks resulted in more than $100 million in losses. 

Why This Matters

Understanding the vulnerabilities associated with browser extensions and taking proactive steps helps users protect their investments. 

Read more about crypto scams: 
Cardano Scammers Impersonate Influencers: How to Stay Safe

Read more about how AI is changing DeFi: 
DeFi Becomes More Accessible Than Ever With Kinetix AI Tools 

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

David Marsanic

David Marsanic is a journalist for DailyCoin who covers the intersection of crypto, traditional finance, and government. He focuses on institutionalized crypto entities like major cryptocurrency exchanges and Solana, breaking down complex topics into easy-to-understand writing. David's prior experience as a business journalist at various crypto and traditional news sites has enabled him to maintain a critical approach to news while adhering to high journalistic integrity standards.