Abstract: A Chinese trader fell prey to a sophisticated hacking scam on Binance, losing $1 million after hackers exploited a deceptive Chrome plugin, Aggr, to bypass security measures, execute leveraged trades, and manipulate low liquidity trading pairs, raising questions about Binance's security protocols and responsibility for compensating such losses.
A significant financial loss has befallen a Chinese trader, totalling $1 million, due to a deceitful scheme involving a promotional Google Chrome extension named Aggr.
The plugin, Aggr, reportedly extracted cookies from users, allowing hackers to bypass password and two-factor authentication (2FA) protocols and breach the trader's Binance account.
The incident, narrated by the trader under the pseudonym CryptoNakamao on the social media platform X, transpired on May 24. Upon checking the Bitcoin price through the Binance app, the trader detected peculiar trading activities within their account. Regrettably, by the time they sought assistance, the entirety of their funds had been withdrawn by the hacker.
The trader disclosed that the hackers infiltrated his web browser's cookie data through the Aggr Chrome extension. Initially installed for gaining insights from notable traders, the trader remained oblivious to its covert function of pilfering browsing data and cookies. Leveraging the stolen cookies, the hackers seized active user sessions, circumventing the necessity for passwords or authentication. This enabled them to execute numerous leveraged trades and exploit low liquidity trading pairs for profit.
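The following is an added example, not part of the original article and not based on Aggr's actual manifest, which the article does not show. It audits a Chrome extension's `manifest.json` for declared permissions that would let it read a given site's cookies, which is the access a session-cookie theft like the one described depends on. The manifests and the host `www.exchange.example` are constructed placeholders.

```python
# Added example: constructed manifests and placeholder host, not from the article.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
HOST_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def pattern_covers(pattern, host):
    """True if a Chrome match pattern's host part covers `host`."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # API permission name such as "storage", not a host pattern
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest, host):
    """Classify an extension's declared reach over `host`.

    'cookie-api'  : "cookies" permission plus host access; chrome.cookies can
                    then read the site's cookies, HttpOnly ones included
    'page-access' : can run in or read the site's pages, but no cookies API
    'none'        : no declared access to the host
    """
    declared = [p for k in HOST_KEYS for p in manifest.get(k, []) if isinstance(p, str)]
    scripts = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    api_reach = any(pattern_covers(p, host) for p in declared)
    if api_reach and "cookies" in declared:
        return "cookie-api"
    if api_reach or any(pattern_covers(m, host) for m in scripts):
        return "page-access"
    return "none"

SAMPLES = {  # constructed manifests covering MV3 and MV2 layouts
    "constructed-price-widget": {"manifest_version": 3, "permissions": ["cookies", "storage"],
                                 "host_permissions": ["<all_urls>"]},
    "constructed-dark-mode": {"manifest_version": 3, "permissions": ["storage"],
                              "content_scripts": [{"matches": ["https://*.example.com/*"]}]},
    "constructed-mv2-helper": {"manifest_version": 2,
                               "permissions": ["tabs", "https://*.exchange.example/*"]},
}

def audit_all(host="www.exchange.example"):
    return {name: audit_manifest(m, host) for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, level in audit_all().items():
        print(f"{level:12} {name}")
```

An extension rated `cookie-api` for a site where you stay logged in deserves scrutiny before it is installed in the same browser profile as that session.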
Despite the hindrance of 2FA preventing direct fund withdrawals, the hackers utilized the cookies and active login sessions to engage in trading activities. Employing high liquidity tokens in the Tether (USDT) trading pair, the hackers placed limit sell orders at inflated prices across Bitcoin (BTC), USD Coin (USDC), and other trading pairs with low liquidity. Subsequently, they initiated leveraged positions, acquiring substantial amounts, and executed cross-trading manoeuvres, a tactic involving the offsetting of buy and sell orders for the same asset without recording the transaction on the exchange.
The trader levelled accusations against Binance, alleging a deficiency in implementing requisite security measures, especially considering the abnormal trading activities observed. Furthermore, the trader asserted that despite reporting the issue promptly, Binance failed to take timely action. According to the trader, Binance was already cognizant of the fraudulent nature of the plugin, yet failed to notify users or enact preventative measures.
In response, Yi He, co-founder of Binance, refuted CryptoNakamao's claims, attributing the account breach to the compromised state of the user's own computer. Yi He clarified on social media that following the hack, the hacker was unable to withdraw funds, resulting in trading losses upon the sale of the victim's coins.
Expressing sympathy for the trader's ordeal, Binance reiterated its stance, indicating that the cause of asset loss stemmed from the manipulation of the trader's devices due to the installation of malicious plugins. Consequently, Binance disclaimed responsibility for compensating such instances unrelated to its platform.
Disagreeing with Binance's assessment, Nakamao contended that the exchange had prior knowledge of the malicious plugin and had even encouraged a key opinion leader (KOL) to gather intelligence from the hacker.
In a cautionary note, Yi He advised users against logging into accounts with active cookie plugins to avert the inconvenience of repeated password entries. She emphasized Binance's inability to provide compensation in instances of compromised login devices.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.