A Chinese crypto trader (alias CryptoNakamao on platform X) lost a staggering $1 million after falling victim to a hacking scheme. The culprit? A seemingly harmless Google Chrome extension called Aggr was later discovered to be malicious.
Aggr functioned by stealing user cookies, essentially bypassing security measures like passwords and two-factor authentication (2FA) for Binance accounts. CryptoNakamao reported erratic trading activity on their Binance account on May 24th. Tragically, by the time they contacted Binance for assistance, all funds were depleted.
The hack unfolded through stolen cookie data. The hackers hijacked active trading sessions, eliminating the need for login credentials. They then manipulated low-liquidity trading pairs through leveraged trades to maximize profits. Notably, while 2FA prevented direct withdrawals, the compromised sessions allowed for substantial gains through cross-trading.
The trader criticized Binance for what they perceived as inadequate security measures. They highlighted the platform's alleged failure to detect unusual trading patterns and lack of responsiveness to timely complaints. Further investigation revealed Binance was aware of the fraudulent extension but didn't warn users or take preventive action. Binance has yet to respond to requests for comment.
This incident highlights the significant financial losses possible in the cryptocurrency market, especially with the recent rise in the BTC price. It serves as a reminder for users to be cautious with online activity and implement robust security measures to protect their digital assets.