User loses millions on Binance due to malicious Google Chrome plugin

Published on June 5, 2024
By: Xalyur Immudetes


We live among people fascinated by taking what isn’t theirs… Hackers are constantly finding new ways to refine their techniques. This time, the victim was a Binance user from China who lost a staggering 1 million dollars due to a compromised Google Chrome extension.

In this case, the plugin Aggr was used to steal the user’s cookies and bypass both password protection and two-factor authentication (2FA). Incidents like this shouldn’t lead people to underestimate the security that 2FA provides. While no method is perfect, two-factor authentication is essential these days. We’ll be publishing a detailed note on this soon.

The victim, known by the alias @CryptoNakamao on X, took to the social platform to share the details of the tragic incident. He revealed that the stolen funds represented nearly all of his savings and criticized Binance’s customer service. Additionally, he warned the community to be extremely cautious with Chrome extensions, as some may implant malicious code during updates.

This started on May 24, as the trader was heading home from work… At one point, “CryptoNakamao” decided to check the Bitcoin price on his Binance account, only to find multiple unauthorized trades in progress. He promptly contacted Binance customer service, but unfortunately, it was too late—the hacker had already withdrawn the funds.

“Binance staff responded slowly and offered no assistance in recovering our losses. As a long-time Binance user, this was incredibly disappointing.

As for malicious Chrome plugins causing significant losses, such cases are rare in China’s crypto community; this may be the first instance. It’s crucial to recognize that Chrome web extensions can pose just as much risk as downloading a malicious app.

If you install and activate a malicious plugin, hackers can harvest your cookies, allowing them to hijack your active session and gain control without needing your password or 2FA.

The whole situation feels surreal. I’m sharing my story in hopes of helping others learn from it. Never did I imagine my assets would be stolen in such a manner. Let this be a cautionary tale for fellow crypto investors”.

“CryptoNakamao” installed the Aggr plugin to access influential traders’ data more easily. However, the extension turned out to be malicious software designed to pilfer web browsing data. The hacker placed many sell orders at values exceeding market prices for Bitcoin, USDC, and other pairs. By leveraging positions and making substantial purchases, he executed cross-trades without leaving any trace on the exchange.

“The hacker tampered with the account for more than an hour, placing highly unusual transactions across multiple currency pairs without any risk control. Binance failed to freeze the account funds promptly”.
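The cookie theft described above depends on what an extension's manifest lets it reach. The following added example (not code from the article, the victim, or the Aggr extension) audits installed extension manifests for the combination that exposes session cookies. The watched domain `binance.com`, the function names, and the sample manifest are assumptions made for this illustration.

```python
import json
from pathlib import Path

# Match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest (not the real Aggr extension's manifest).
SAMPLE_SUSPECT = {"manifest_version": 3, "name": "constructed-sample",
                  "permissions": ["cookies", "storage"],
                  "host_permissions": ["<all_urls>"]}

def _strings(value):
    return [v for v in value if isinstance(v, str)] if isinstance(value, list) else []

def assess_manifest(manifest, watched_domain="binance.com"):
    """Return reasons this manifest lets an extension reach cookies for watched_domain."""
    perms = set(_strings(manifest.get("permissions")))
    # Manifest V3 lists hosts separately; Manifest V2 mixes them into "permissions".
    api_hosts = set(_strings(manifest.get("host_permissions")))
    api_hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    script_hosts = set()
    for script in manifest.get("content_scripts") or []:
        if isinstance(script, dict):
            script_hosts.update(_strings(script.get("matches")))

    def reach(hosts):
        # Substring match on the domain is deliberately loose for an audit.
        return sorted(h for h in hosts if h in BROAD or watched_domain in h)

    reasons = []
    if "cookies" in perms and reach(api_hosts):
        reasons.append(f"cookies API (HttpOnly included) on {reach(api_hosts)}")
    if reach(script_hosts):
        reasons.append(f"content script (non-HttpOnly cookies) on {reach(script_hosts)}")
    return reasons

def scan_profile(extensions_dir, watched_domain="binance.com"):
    """Map 'id/version' to findings for each <id>/<version>/manifest.json under extensions_dir."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        key = f"{path.parts[-3]}/{path.parts[-2]}"
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            reasons = assess_manifest(manifest, watched_domain)
        except (OSError, ValueError, AttributeError):
            reasons = ["manifest could not be parsed; inspect manually"]
        if reasons:
            findings[key] = reasons
    return findings
```

Point `scan_profile` at a Chrome profile's `Extensions` directory (on Linux, typically `~/.config/google-chrome/Default/Extensions`) and rerun it after extension updates, since an update can widen the permissions an extension requests.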
