Hackers Exploit Chrome Plugin to Steal Millions from Binance Accounts

In a shocking turn of events, a Chinese trader fell victim to a hacking scam that cost them a staggering $1 million. The attack exploited a seemingly innocuous Google Chrome plugin called “Aggr,” which surreptitiously stole users’ cookies. These pilfered cookies allowed the hackers to bypass passwords and two-factor authentication (2FA), granting them unauthorized access to the victim’s Binance account.

The Aggr Plugin: A Trojan Horse

How the Scam Unfolded

The trader, who goes by the username CryptoNakamao, noticed unusual activity in their Binance account. On May 24, their account began trading randomly, catching them off guard. By the time they realized what was happening, the hacker had already withdrawn all the funds.

The Cookie Data Heist

The attackers gained access to the trader’s web browser cookie data through the Aggr Chrome plugin. Initially installed innocently to access prominent trader data, the plugin turned out to be a malicious tool designed to steal users’ browsing data and cookies. Armed with this information, the hackers hijacked active user sessions without requiring a password or authentication.
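A defender's check for the access described above, as an added example that is not from the original article: it reports which extension manifests declare the `cookies` permission together with a host pattern covering a given domain. The sample manifests and extension names are constructed for illustration.

```python
import json

# Constructed sample manifests (not taken from any real extension).
SAMPLE_MANIFESTS = {
    "chart-helper": json.loads('{"manifest_version": 3, "permissions": ["cookies", "storage"],'
                               ' "host_permissions": ["*://*.binance.com/*"]}'),
    "legacy-reader": json.loads('{"manifest_version": 2, "permissions": ["cookies", "<all_urls>"]}'),
    "dark-theme": json.loads('{"manifest_version": 3, "permissions": ["storage"],'
                             ' "host_permissions": ["https://example.org/*"]}'),
}


def host_of(pattern):
    """Return the host part of a match pattern, or None if it is not one."""
    if not isinstance(pattern, str):
        return None
    if pattern == "<all_urls>":
        return "*"
    if "://" not in pattern:
        return None  # an API permission name such as "storage"
    return pattern.split("://", 1)[1].split("/", 1)[0]


def pattern_covers(pattern, domain):
    """True if the match pattern's host covers `domain`."""
    host = host_of(pattern)
    if host is None:
        return False
    if host == "*":
        return True
    if host.startswith("*."):  # "*.example.com" covers the apex and all subdomains
        return domain == host[2:] or domain.endswith(host[1:])
    return domain == host


def cookie_access(manifest, domain):
    """Host patterns that let this extension use the cookies API on `domain`."""
    declared = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    if "cookies" not in declared:
        return []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = declared + manifest.get("host_permissions", []) \
        + manifest.get("optional_host_permissions", [])
    return [p for p in hosts if pattern_covers(p, domain)]


def audit(manifests, domain):
    """Map extension name -> matching host patterns, for extensions with cookie access."""
    return {name: hits for name, m in manifests.items() if (hits := cookie_access(m, domain))}
```

An empty result does not clear an extension: a content script injected into the site can still read cookies that are not marked HttpOnly through `document.cookie`.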

Cross-Trading Shenanigans

Unable to directly withdraw funds due to 2FA, the hackers employed a clever strategy. They used the stolen cookies and active login sessions to execute cross-trades. By manipulating the price of low-liquidity pairs, they profited handsomely. The process involved buying tokens in the Tether (USDT) trading pair, placing limit sell orders above market prices in Bitcoin and other scarce-liquidity pairs, and ultimately completing the cross-trading loop.

Binance’s Response and Trader’s Frustration

Despite the trader’s timely complaints, Binance allegedly failed to take adequate action. The exchange was aware of the fraudulent plugin but did not inform users or prevent the fraud. The trader expressed frustration, emphasizing that essential security measures were lacking, especially given the unusually high trading activity.
