A China-based user of crypto exchange Binance has reportedly lost $1 million in cryptocurrency assets from his Binance account.
A user named Nakamao shared details of the breach on X, saying that an undercover agent operating in the crypto circle siphoned off all the funds from his account.
Nakamao said that all required security procedures were in place for his Binance account. The user further mentioned that the hacker used “counter-trading” to drain all of the funds despite not having the password to Nakamao’s account or two-factor authentication (2FA).
On May 24, Nakamao noticed irregular trading patterns in his account. The hacker utilized a technique wherein they took control of Nakamao’s web cookies, enabling them to execute substantial trades in pairs with ample liquidity while placing limited sell orders at inflated rates in pairs with limited liquidity. The hacker made profits without triggering any security alerts from Binance.
The hacker proceeded to access Nakamao’s account and eventually took out all of the money without detection, even though Nakamao tried to get in touch with Binance customer support right away.
Nakamao bemoaned Binance’s inaction and inability to implement strong risk management procedures, which let the hacker’s blatantly obvious arbitrage operations proceed unabated.
Subsequent analysis showed that Aggr, a malicious Chrome extension, was a key player in making the attack possible. Nakamao purchased this plugin on the advice of a foreign influencer (KOL), and it let the hacker gather and use his cookies to take over ongoing user sessions. This method gave the hacker full access to Nakamao’s account by avoiding the requirement for 2FA and passwords.
This incident marks one of the first instances where a hacker solely utilized a Chrome extension to steal funds. Interestingly, the same plugin was employed in another case of money theft from a Binance account on March 1st. Nakamao’s experience underscores the inherent risks associated with using Chrome Web plugins.
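The cookie access described above depends on permissions that every Chrome extension declares in its manifest.json, so installed extensions can be audited for it. The script below is an added example, not code from Binance or from the original report; it assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`, and its function names are illustrative.

```python
import json
import sys
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def pattern_covers(pattern, domain):
    """True if a Chrome match pattern can apply to `domain`."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "cookies", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host.startswith("*."):  # "*.example.com" covers example.com and its subdomains
        return domain == host[2:] or domain.endswith(host[1:])
    return host in ("*", domain)

def audit_manifest(manifest, domain):
    """Return the reasons an extension could reach session data for `domain`."""
    def strs(key):
        return {p for p in manifest.get(key, []) if isinstance(p, str)}
    api = strs("permissions") | strs("optional_permissions")
    # Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
    hosts = api | strs("host_permissions") | strs("optional_host_permissions")
    reasons = []
    if "cookies" in api and any(pattern_covers(h, domain) for h in hosts):
        reasons.append("cookies API with host access (reads session cookies, HttpOnly included)")
    scripts = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    if any(pattern_covers(m, domain) for m in scripts):
        reasons.append("content script on the site (reads page content and non-HttpOnly cookies)")
    return reasons

def scan_extensions(ext_dir, domain):
    """Walk the Extensions directory and list extensions that can reach `domain`."""
    findings = []
    for mf in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
            reasons = audit_manifest(manifest, domain)
        except (OSError, ValueError):
            manifest, reasons = {}, ["manifest unreadable; review by hand"]
        if reasons:
            findings.append({"id": mf.parts[-3], "name": manifest.get("name", "?"), "reasons": reasons})
    return findings

if __name__ == "__main__":  # usage: audit.py <profile>/Extensions <domain>
    for f in scan_extensions(sys.argv[1], sys.argv[2]):
        print(f["id"], f["name"], *f["reasons"], sep="\n  ")
```

A finding means the extension is able to read session data for that site, not that it does so; many legitimate extensions request broad host access, which is why a separate clean browser profile for exchange logins remains the stronger control.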
In addition, Nakamao faulted Binance for lacking effective risk controls against the theft despite the hacker’s obvious transactions. He highlighted the exchange’s delay in freezing the hacker’s funds on other platforms, calling for heightened security measures at Binance.
After this hack, Binance highlighted on X the possibility of rogue browser plugins jeopardizing account security and urged users to exercise caution. Users are recommended to use the official Binance application or a clean web browser when accessing the Binance website and to log out after each session.
It said, “We are in contact with the impacted user to provide assistance and support, and take this opportunity to remind all users to always stay vigilant. We also encourage the community to report potential vulnerabilities through our Bug Bounty Program, which leverages and rewards crowdsourcing to help raise awareness of potential threats earlier.”