In a shocking turn of events, a Chinese trader fell victim to a hacking scam that cost them a staggering $1 million. The attack exploited a seemingly innocuous Google Chrome plugin called “Aggr,” which surreptitiously stole users’ cookies. These pilfered cookies allowed the hackers to bypass passwords and two-factor authentication (2FA), granting them unauthorized access to the victim’s Binance account.
The Aggr Plugin: A Trojan Horse
How the Scam Unfolded
The trader, who goes by the username CryptoNakamao, noticed unusual activity in their Binance account. On May 24, their account began trading randomly, catching them off guard. By the time they realized what was happening, the hacker had already withdrawn all the funds.
The Cookie Data Heist
The attackers gained access to the trader’s web browser cookie data through the Aggr Chrome plugin. Initially installed innocently to access prominent trader data, the plugin turned out to be a malicious tool designed to steal users’ browsing data and cookies. Armed with this information, the hackers hijacked active user sessions without requiring a password or authentication.
Cross-Trading Shenanigans
Unable to directly withdraw funds due to 2FA, the hackers employed a clever strategy. They used the stolen cookies and active login sessions to execute cross-trades. By manipulating the price of low-liquidity pairs, they profited handsomely. The process involved buying tokens in the Tether (USDT) trading pair, placing limit sell orders above market prices in Bitcoin and other scarce-liquidity pairs, and ultimately completing the cross-trading loop.
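The two signals an exchange could have acted on in the pattern described above are a session cookie suddenly presented from a different client than the one it was issued to, and limit sell orders priced far above market in thin pairs. The following is an added illustration written for this article, not code from the article or from Binance; the order records, the fingerprint fields, the 20% premium and the $50,000 depth threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Order:
    session_id: str
    ip: str
    user_agent: str
    pair: str             # e.g. "XYZ/BTC"
    side: str             # "buy" or "sell"
    kind: str             # "limit" or "market"
    price: float
    market_price: float   # mid-price when the order was placed
    depth_usd: float      # order-book depth near mid, a liquidity proxy

# Constructed login record: the client fingerprint seen when the cookie was issued.
LOGIN = {"session_id": "sess-1", "ip": "203.0.113.10", "user_agent": "Chrome/124 Windows"}

def session_mismatch(login: dict, o: Order) -> bool:
    # A replayed cookie arrives with the right session id but another client fingerprint.
    return o.session_id == login["session_id"] and (
        o.ip != login["ip"] or o.user_agent != login["user_agent"])

def overpriced_thin_sell(o: Order, premium: float = 0.20, thin_usd: float = 50_000) -> bool:
    # The leg the article describes: a limit sell far above market in a pair too
    # thin for an honest counterparty to fill it.
    return (o.kind == "limit" and o.side == "sell" and o.depth_usd < thin_usd
            and o.price > o.market_price * (1 + premium))

def flag_orders(login: dict, orders: list) -> list:
    # Reasons to hold an order for review or step-up authentication.
    flags = []
    for o in orders:
        tags = [t for cond, t in ((session_mismatch(login, o), "session-fingerprint-mismatch"),
                                  (overpriced_thin_sell(o), "overpriced-limit-sell-thin-pair")) if cond]
        if tags:
            flags.append(f"{o.pair} {o.side}: " + ", ".join(tags))
    return flags

# Constructed order stream (not from the article): a normal trade, then two from a replayed cookie.
ORDERS = [
    Order("sess-1", "203.0.113.10", "Chrome/124 Windows", "BTC/USDT", "buy", "market", 68000.0, 68000.0, 5e6),
    Order("sess-1", "198.51.100.7", "python-requests/2.31", "XYZ/USDT", "buy", "market", 0.01, 0.01, 20_000),
    Order("sess-1", "198.51.100.7", "python-requests/2.31", "XYZ/BTC", "sell", "limit", 2.0e-7, 1.5e-7, 8_000),
]

def demo() -> list:
    return flag_orders(LOGIN, ORDERS)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Either tag on its own is a reason to require re-authentication before the order is accepted; both together on the same session is the shape of the incident described here.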
Binance’s Response and Trader’s Frustration
Despite the trader’s timely complaints, Binance allegedly failed to take adequate action. The exchange was aware of the fraudulent plugin but did not inform users or prevent the fraud. The trader expressed frustration, emphasizing that essential security measures were lacking, especially given the unusually high trading activity.