A cryptocurrency trader suffered a loss of US$1 million (around R$5 million) after falling victim to a hacking scam that used a promotional Google Chrome plugin called Aggr. The plugin stole cookies from users, allowing hackers to bypass password checks and two-factor authentication (2FA) to access the victim’s Binance account.
The investor, known by the username X CryptoNakamao, shared his experience on X (formerly Twitter), detailing how he lost his life savings in an unexpected scam.
On May 24, he noticed that his Binance account was carrying out random trades. When he opened the Binance app to check his Bitcoin transactions, he discovered that all of his funds had been withdrawn.
Scam involves Google Chrome plugin
According to the trader, hackers accessed his browser’s cookie data, stolen through the Aggr plugin. The investor installed the plugin to access important data. However, the program contained malicious software designed to steal browsing data and cookies.
Hackers used these cookies to hijack active sessions on Binance without needing passwords or two-factor authentication. This allowed them to carry out various leveraged trades to increase the price of low-liquidity pairs and profit from these transactions. Although they could not withdraw the funds directly due to 2FA, the hackers used the active login sessions to make profits through cross-trading.
The trader explained that hackers purchased several tokens in the Tether (USDT) trading pair and placed sell limit orders that exceeded the market price in Bitcoin (BTC), USD Coin (USDC) and other trading pairs with scarce liquidity.
They subsequently opened leveraged positions and purchased large amounts of cryptocurrencies, completing cross-trades, a practice in which buy and sell orders for the same asset are offset without registering the transaction on the platform.
Binance Liability
The trader criticized Binance for not implementing adequate security measures even after detecting unusually high trading activities. He stated that despite complaints made in a timely manner, the exchange did not take measures to prevent fraudulent transactions.
During his investigation, the trader discovered that Binance had been aware of the fraudulent plugin for some time. Since then, the exchange has been conducting an internal investigation. However, Binance did not inform traders or take action to prevent the scam.
The trader wrote that Binance failed to freeze the funds in the hacker’s account on the platform in time. This allowed hackers to manipulate accounts for over an hour and carry out extremely abnormal transactions.
Source: https://www.criptofacil.com/hackers-roubam-milhoes-de-contas-na-binance-por-meio-de-plugin-do-google-chrome/
