- A Binance user has reported a million-dollar hack on his account.
- The user criticized Binance for a reluctant response to his report.
- Users are cautioned against using Chrome plugins in light of the growing cyber-attacks.
Hacks and scams in crypto often take different forms, with threat actors leveraging various vulnerabilities to lynch unsuspecting victims. The latest to feel the burn is a Chinese crypto investor who recently lost a million-dollar bag from his Binance account to hackers.
Fake Chrome Plugin Traps Binance User
On Monday, June 3, 2024, X user Crypto Nakamao, a Binance user and Chinese investor took to his official X account to relay a devastating ordeal, stating that he fell victim to an undercover attack in the crypto industry.
Sponsored
According to Nakamao, the hack occurred on May 24, 2024, when the attacker manipulated his account to unauthorizedly trade various assets, resulting in approximately $1 million being wiped out from his Binance account.
The hacker purchased several corresponding tokens in the USDT trading pair with abundant liquidity, placing limit sell orders exceeding the market price in the BTC, USDC, and other trading pairs with scarce liquidity. Finally, the hacker used my account to open leveraged trading, bought a large amount in excess, and completed the counter-trading.
Security investigation revealed that the hacker had hijacked Nakamaoโs web cookies through a malicious Chrome plugin called Aggr, which allowed the hacker to control his account without requiring passwords or 2FA, facilitated by using his active session cookies.
However, what was more puzzling for this user was Binanceโs questionable security level.
Binance โSlowโ to Hack-tion
Narrating his ordeal further, Nakamao expressed frustration over Binanceโs handling of the situation. He stated that throughout the procedure, there were no security alerts or warnings from Binance, adding that the hacker successfully moved the funds without any hurdles or restriction.
The Chinese investor added that the exchange was aware of the vulnerability in question, citing CEO Richard Tengโs statement that it was working to uncover the root cause of the attack following a similar March 1 attack.
โIt turns out that Binance knew about the existence of this plugin a long time ago, and even encouraged the KOL and the hacker to obtain more information,โ he stated, adding that โBinance may have continued to track down the hacker to avoid alerting the enemy, and did not notify the suspension of this product in time, and I became a victim.โ
He further condemned the exchange’s โslow responseโ despite his urgent contact with customer representatives, which contributed to the unrecovered stolen funds.
Nakamao ended his notice by cautioning users against downloading and using Chrome web plugins, adding that they can cause as much damage as malicious applications. โDo not download and use Chrome plugins at will! To alert everyone, I can list the most extreme case: your frequently used Chrome plugin can even implant malicious code after an update,โ he stated.
Discover more about recent hacks and scams in the crypto industry:
Velocore Offers Bounty to Hacker Following $7 Million Hack
Read more about how to stay safe from the increasing wave of cyber attacks:
Crypto Boom Attracts Scammers: Hereโs What to Watch Out For
