Hackers Steal Millions
A hacking scheme involving the promotional Aggr Chrome extension cost a Chinese trader $1 million. By stealing users' cookies, the plugin lets hackers access Binance accounts without using passwords or two-factor authentication (2FA).
A trader recounted on X the nightmare of losing all of their money in an unexpected fraud. The trader, who uses the X handle CryptoNakamao, claimed that on May 24th their Binance account began trading at random. It wasn't until they opened the Binance app to check the Bitcoin price that they recognized what was happening. The trader contacted Binance for help, but the hacker had already taken all of the money.
Hacker Stole Binance Cookie Data to Cross-Trade
The trader asserted that the intruders had obtained his browser's cookie data through a Chrome extension named Aggr. The trader had installed the plugin to get data on prominent traders, without realizing that it was actually malicious software designed to steal cookies and web browser data.
The hacker collected the cookies, used them to take over active user sessions without a login or password, and then used leverage to profit by trading low-liquidity pairs at inflated prices. Although 2FA prevented the hacker from withdrawing funds directly, the trader explained that the cookies and active login sessions were enough to make a profit through cross-trading. The trader asserted that the hacker had purchased a number of tokens on the highly liquid Tether (USDT) trading pair and then placed limit sell orders above the market price on the Bitcoin, USD Coin (USDC), and other low-liquidity trading pairs.
The hacker finished the cross-trading after opening leveraged positions and purchasing a significant surplus. A "cross trade" is when buy and sell orders for the same asset are offset against each other without the transaction actually being posted to the exchange.
Trader Blames Binance
The trader asserts that, despite the exceptionally high volume of trades, Binance failed to carry out the necessary security procedures. The exchange also did nothing to halt the activity, even after receiving complaints in a timely manner, the trader said. The trader's own research indicated that Binance had known about the fraudulent plugin for some time and was already looking into it internally. The trader asserted that Binance knew the hacker's address and the details of the plugin scam, but did nothing to alert traders or stop the fraud. The trader wrote:
"Despite knowing about the theft and the regular cross-trading, Binance did nothing. For nearly an hour, hackers altered user accounts, triggering highly suspicious transactions across numerous currency pairs with no risk management in place; Binance was slow to promptly freeze the funds in the blatantly compromised user's account."
A Binance spokeswoman told Cointelegraph that the exchange had examined the situation. According to her, the impacted user believed, based on an X post dated May 28th, that a separate issue from 1st March was caused by the fake "aggr.trade" plugin.
"Based on the information the user gave us at the time, our inquiry into that occurrence did not uncover any such plugin," the representative said. "A community member promptly informed us about the plugin on May 27th, and we applied additional security precautions prior to the X post." In a later post, the impacted user, who understood the translation, admitted to making "biased or unfounded accusations" during his initial investigation into the matter.