A Chinese trader recently fell victim to a hacking scam that resulted in the loss of $1 million. The scam involved a Google Chrome plugin called Aggr, which was used to steal cookies from users. These stolen cookies allowed the hackers to bypass password and two-factor authentication (2FA) verification and gain access to the trader’s Binance account.
The trader, who goes by the username CryptoNakamao, shared their story of losing their life savings on a social media platform. They explained that on May 24, they noticed that their Binance account was making random trades without their knowledge. It was only when they opened the Binance app to check the price of Bitcoin that they realized something was wrong.
By the time the trader reached out to Binance for help, the hacker had already withdrawn all the funds from their account. The trader believes that the hackers gained access to their web browser cookie data through the Aggr plugin. They had installed the plugin to access trading data, unaware that it was actually malicious software designed to steal their browsing data and cookies.
With the stolen cookies, the hackers were able to hijack active user sessions on Binance without needing a password or any authentication. A session cookie is issued only after login has succeeded, so a request that carries it is treated as already authenticated. They then carried out multiple leveraged trades to manipulate the price of low-liquidity pairs and make a profit. Although the hacker couldn’t directly withdraw funds due to 2FA, they used the cookies and active login sessions to engage in cross-trading and generate profits.
The trader is placing blame on Binance, stating that the exchange did not have sufficient security measures in place despite the unusually high trading activity. They also claim that even after reporting the issue to Binance, the exchange failed to take action to stop the fraudulent activity.
During their investigation, the trader discovered that Binance had been aware of the fraudulent plugin for some time and was already conducting an internal investigation. Despite knowing the hacker’s address and the nature of the scam, Binance allegedly did not inform its users or take any steps to prevent the fraud.
In response to these allegations, a spokesperson from Binance stated that their investigation into the incident did not find any plugin based on the data provided by the user. They did, however, implement additional security measures after being alerted to the plugin by a community influencer.
It should be noted that the affected user has since acknowledged that the initial accusations drawn from their personal investigation into the incident may have been biased or unfounded.
This incident serves as a reminder of the importance of maintaining strong security measures when engaging in online trading and being cautious of installing any unfamiliar plugins or software.
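One check a user can make before trusting a browser extension is to read what cookie access its manifest requests. The following is an added example, not code from the article or from Binance: it classifies Chrome extension manifests by cookie access, using constructed sample manifests, and the `Extensions` directory passed to `scan_extensions` is an assumption supplied by the caller. How the Aggr plugin itself obtained cookies is not described in the article.

```python
import json
from pathlib import Path

BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def cookie_risk(manifest):
    """Classify how much cookie access an extension manifest requests."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    # Content scripts run inside matching pages and can read document.cookie
    # (cookies that are not marked HttpOnly).
    script_hosts = {m for cs in manifest.get("content_scripts", [])
                    for m in cs.get("matches", [])}
    cookies_api = "cookies" in perms
    if cookies_api and hosts & BROAD_PATTERNS:
        level = "high"      # chrome.cookies on every site, HttpOnly included
    elif cookies_api and hosts:
        level = "medium"    # chrome.cookies limited to the listed hosts
    elif script_hosts & BROAD_PATTERNS:
        level = "medium"    # page-level access to non-HttpOnly cookies everywhere
    else:
        level = "low"
    return {"name": manifest.get("name", "?"), "level": level,
            "cookies_api": cookies_api, "hosts": sorted(hosts | script_hosts)}

def scan_extensions(ext_dir):
    """Audit every <id>/<version>/manifest.json under an Extensions directory."""
    results = []
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            text = path.read_text(encoding="utf-8-sig")
            results.append(cookie_risk(json.loads(text)))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
    return results

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    {"name": "chart-helper", "manifest_version": 3,
     "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
    {"name": "price-ticker", "manifest_version": 3,
     "permissions": ["cookies"], "host_permissions": ["https://api.example.com/*"]},
    {"name": "dark-theme", "manifest_version": 3, "permissions": ["storage"]},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(cookie_risk(m))
```

The check covers only permissions declared up front; an extension can also list some under `optional_permissions` and request them later.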