Chinese Investor Raises Alarm over $1M Binance Hack

The investor criticized Binance’s security practices and its slow response to his loss.

Asian man angry with crypto coins on Binance.
Created by Kornelija Poderskytė from DailyCoin
  • A Binance user has reported a million-dollar hack on his account.
  • The user criticized Binance for a reluctant response to his report.
  • Users are cautioned against using Chrome plugins in light of the growing cyber-attacks.

Hacks and scams in crypto often take different forms, with threat actors leveraging various vulnerabilities to lynch unsuspecting victims. The latest to feel the burn is a Chinese crypto investor who recently lost a million-dollar bag from his Binance account to hackers.

Fake Chrome Plugin Traps Binance User

On Monday, June 3, 2024, X user Crypto Nakamao, a Binance user and Chinese investor took to his official X account to relay a devastating ordeal, stating that he fell victim to an undercover attack in the crypto industry. 

Sponsored

According to Nakamao, the hack occurred on May 24, 2024, when the attacker manipulated his account to unauthorizedly trade various assets, resulting in approximately $1 million being wiped out from his Binance account.

The hacker purchased several corresponding tokens in the USDT trading pair with abundant liquidity, placing limit sell orders exceeding the market price in the BTC, USDC, and other trading pairs with scarce liquidity. Finally, the hacker used my account to open leveraged trading, bought a large amount in excess, and completed the counter-trading.

Security investigation revealed that the hacker had hijacked Nakamao’s web cookies through a malicious Chrome plugin called Aggr, which allowed the hacker to control his account without requiring passwords or 2FA, facilitated by using his active session cookies. 

However, what was more puzzling for this user was Binance’s questionable security level.

Binance “Slow” to Hack-tion

Narrating his ordeal further, Nakamao expressed frustration over Binance’s handling of the situation. He stated that throughout the procedure, there were no security alerts or warnings from Binance, adding that the hacker successfully moved the funds without any hurdles or restriction.

Sponsored

The Chinese investor added that the exchange was aware of the vulnerability in question, citing CEO Richard Teng’s statement that it was working to uncover the root cause of the attack following a similar March 1 attack.

“It turns out that Binance knew about the existence of this plugin a long time ago, and even encouraged the KOL and the hacker to obtain more information,” he stated, adding that “Binance may have continued to track down the hacker to avoid alerting the enemy, and did not notify the suspension of this product in time, and I became a victim.”

He further condemned the exchange’s “slow response” despite his urgent contact with customer representatives, which contributed to the unrecovered stolen funds.

Nakamao ended his notice by cautioning users against downloading and using Chrome web plugins, adding that they can cause as much damage as malicious applications. “Do not download and use Chrome plugins at will! To alert everyone, I can list the most extreme case: your frequently used Chrome plugin can even implant malicious code after an update,” he stated.

Discover more about recent hacks and scams in the crypto industry:
Velocore Offers Bounty to Hacker Following $7 Million Hack 

Read more about how to stay safe from the increasing wave of cyber attacks:
Crypto Boom Attracts Scammers: Here’s What to Watch Out For

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Grace Abidemi

Grace Abidemi, a cryptocurrency reporter at DailyCoin, covers industry developments and trends. She previously worked as a freelance writer. With a Bachelor's degree in German Language and certifications in marketing and storytelling, Grace creates engaging content. When not working, she's in Nigeria, mastering cooking and canvas painting, and enjoys learning about different cultures and languages.