Chrome Plugin Hack Drains Millions from Binance Accounts
A Chinese trader incurred a loss of $1 million through a hacking scam linked to a promotional Google Chrome plugin named Aggr. This plugin was designed to steal cookies from users’ browsers, allowing hackers to bypass both password and two-factor authentication systems to access the victim’s Binance account. The trader, who goes by the username CryptoNakamao on social media, narrated the entire experience, highlighting how their life savings were wiped out by the unexpected scam.
On May 24, CryptoNakamao noticed irregular trading activities on their Binance account. The trader discovered these activities only after checking the Bitcoin (BTC) price on the Binance app. By the time the trader reached out to Binance for help, the hacker had already drained all the funds from the account. The hacker had used the promotional Chrome plugin, Aggr, to steal cookie data, which they then exploited to execute unauthorized trades.
The trader explained that these malicious actors were able to access cookie data to hijack active sessions without needing to bypass password or two-factor authentication directly. Using the stolen cookies, the hacker conducted leveraged trades, manipulating low liquidity pairs for profit. Even though the hacker couldn’t directly withdraw funds due to two-factor authentication barriers, they still managed to carry out profitable cross-trading activities using the hijacked sessions.
In more detail, the hacker purchased multiple tokens in the Tether (USDT) trading pair, which is known for its abundant liquidity. They then placed limit sell orders that exceeded the market price in Bitcoin, USD Coin (USDC), and other pairs with less liquidity. Utilizing leveraged positions, the hacker bought a significant amount in excess, successfully completing the cross-trade without the transactions being recorded on the exchange in the usual manner.
The disgruntled trader asserted that Binance failed to implement critical security measures despite the unusually high trading activity. Even after timely complaints were lodged, Binance failed to act promptly to halt the unauthorized transactions. During their own investigation, CryptoNakamao found that Binance had been aware of the fraudulent plugin for some time and was already conducting an internal review.
Despite the internal investigation and knowledge about the fraudulent plugin, the trader claimed that Binance did not inform its users or take necessary preventive measures. This lack of action allowed the hacker to manipulate accounts for over an hour, leading to abnormal transactions across multiple currency pairs without Binance freezing the funds in the compromised account in time.
The trader also highlighted that despite knowing the hacker’s address and the operational mechanics of the scam, Binance did nothing substantial to protect its users or mitigate the damage caused. This inaction resulted in significant financial losses and traders being left vulnerable to the scam.
Expressing their frustration and disappointment, the trader pointed out that Binance’s failure to act allowed hackers to carry out manipulative activities, resulting in extremely abnormal transactions without any intervention from the exchange’s risk control mechanisms.
When approached for comments, Binance did not respond, leaving lingering questions about the effectiveness of its security measures and its transparency with users regarding known threats.
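The cookie theft described above depends on what an extension's manifest lets it read. The following audit is an added example, not code from the article, the trader or Binance: it reports whether an installed extension's manifest.json can reach cookies for a given host. The two manifests, the extension names and the function names are constructed for illustration.

```python
import json

def pattern_covers_host(pattern, host):
    """Return True if a Chrome match pattern applies to `host` over http(s)."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.example.com" covers the domain and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest, host):
    """List the ways this extension could read cookies that belong to `host`."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V3 keeps host patterns in host_permissions; V2 mixes them into permissions.
    patterns = list(manifest.get("host_permissions", [])) + perms
    findings = []
    granted = [p for p in patterns if pattern_covers_host(p, host)]
    if "cookies" in perms and granted:
        findings.append(f"cookies API on {host} via {granted[0]} (HttpOnly cookies included)")
    for script in manifest.get("content_scripts", []):
        hits = [m for m in script.get("matches", []) if pattern_covers_host(m, host)]
        if hits:
            findings.append(f"content script on {host} via {hits[0]} (document.cookie only)")
    return findings

# Constructed manifests for illustration; neither is taken from a real extension.
SUSPECT = json.loads("""{
  "manifest_version": 3, "name": "hypothetical-chart-helper",
  "permissions": ["cookies", "storage"],
  "host_permissions": ["https://*.binance.com/*"]
}""")
BENIGN = json.loads("""{
  "manifest_version": 3, "name": "hypothetical-dark-mode",
  "permissions": ["storage"],
  "content_scripts": [{"matches": ["https://news.example.org/*"], "js": ["dark.js"]}]
}""")

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        print(m["name"], audit_manifest(m, "www.binance.com") or "no cookie access")
```

A finding means the extension has the access, not that it abuses it; it marks which extensions deserve review before being used in a browser profile that holds an exchange session.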
32 thoughts on “Chrome Plugin Hack Drains Millions from Binance Accounts”
Sending virtual hugs to CryptoNakamao. No one should have to deal with this alone.
Binance needs to be held accountable for failing to protect their users. They should have stopped the transactions immediately upon noticing irregular activities.
Negligence at its finest! Binance had all the information but still left its users exposed to the scam. Extremely disappointing and frustrating.
Sending all the strength to CryptoNakamao. This calls for better protocols from Binance. 🚀 🔐
This is really disheartening. I can’t imagine losing my life savings like that. Hang in there, CryptoNakamao!
Such a frustrating tale. It really emphasizes the need for better cybersecurity. Thanks for sharing.
Binance totally dropped the ball on this one. If they were aware of the fraudulent plugin, why wasn’t there an alert to users? This feels like gross negligence. 😤
Heartbreaking to hear such stories. Really hope Binance learns a lesson here.
Crypto trading is already risky without this kind of drama. Binance, step up!
This just shows how important cybersecurity is in the crypto world. Hang in there, CryptoNakamao!
Absolutely devastating for CryptoNakamao. Binance’s failure to act promptly is inexcusable. How could they let this happen when they knew about the scam? 😵💫
Completely unacceptable for Binance to ignore such a major security threat. CryptoNakamao lost their life savings because of sheer negligence! Disaster waiting to happen. 😤
Disgraceful! Binance had knowledge about the scam but failed to inform its users. Such an irresponsible way to manage security threats!
Such a well-detailed account of a horrible experience. We all need to learn from this. Stay strong, CryptoNakamao! 🛡️ 🧐
Unbelievable! This needs immediate attention from Binance. Hopefully, they rectify the issue soon.
The fact that Binance didn’t freeze the funds despite abnormal trading activity is mind-boggling. Such lack of responsiveness is harmful to their users.
Wow, what a nightmare for CryptoNakamao! Really hope Binance steps up their security game. We all deserve better protection!
Hats off to CryptoNakamao for sharing such a vulnerable experience. Hopefully, changes will be made.
How could Binance let this happen? Knowing about the scam and still failing to protect users shows a serious lack of care. Unacceptable!
A wake-up call for all crypto users. More needs to be done to protect us! Thanks for the warning, CryptoNakamao.
This is beyond frustrating. Why was Binance not more proactive? They had knowledge of the issue but left users vulnerable. Such negligence!
Wishing you’d get every dollar back, CryptoNakamao. Binance, please act fast! 💪🔒 🌐
CryptoNakamao’s losses are a direct result of Binance’s poor security measures. This isn’t just a loss of money; it’s a loss of trust in the platform.
It’s just shocking how these things can happen. Let’s hope Binance addresses this swiftly.
This is extremely disappointing! Binance should have acted sooner to protect their users. The fact that they knew about the fraudulent plugin and did nothing is unacceptable. 😡
Incredibly sad to see this happen. Binance needs to be more proactive about security. Thanks for sharing, CryptoNakamao.
Can’t believe Binance didn’t act in time. An eye-opener for sure. Stay safe out there, traders! 💭 🔍
Unbelievable! How did Binance let hackers manipulate trades for over an hour without freezing the account? Their security protocols need a serious overhaul. 🚨
Absolutely terrifying how easy it was for these hackers. Really hope Binance improves their system soon. 🙏 🚀
Stay positive, CryptoNakamao. Your story is not going unnoticed.
CryptoNakamao’s experience is a horrifying example of how poor security can ruin lives. Binance needs to step up and take responsibility. 💸
Terrible to see a user lose everything because Binance didn’t act in time. Clearly, there’s a lack of effective risk control mechanisms on the platform. 😞