A recent cybersecurity breach has disrupted the cryptocurrency community, exposing vulnerabilities at Binance. A Chinese trader, known as CryptoNakamao, fell victim to hackers who stole $1 million using a malicious Google Chrome extension called Aggr. Initially presented as a tool for accessing trading data, the extension was actually designed to capture users’ cookie information and facilitate unauthorized access to their accounts.
How Did the Hackers Operate?
CryptoNakamao noticed something was amiss when he observed random trades on his Binance account. Checking Bitcoin prices through the app, he discovered unauthorized trading activity. Although he immediately sought assistance from Binance, the hackers had already managed to withdraw his funds before any intervention could occur.
The attackers circumvented traditional security protocols like passwords and two-factor authentication (2FA) by capturing cookie data via the Aggr extension. They exploited active user sessions to perform leveraged trades, manipulating the market by buying high-liquidity tokens and selling them against low-liquidity pairs.
Binance’s Security Measures Questioned?
Despite 2FA restrictions meant to block direct withdrawals, the hackers used session hijacking to carry out profitable trades. They acquired large amounts of Tether (USDT) and placed limit sell orders involving Bitcoin (BTC) and USD Coin (USDC), causing abnormal price spikes that they capitalized on through leveraged positions.
CryptoNakamao criticized Binance for not implementing sufficient security measures to prevent such breaches. He argued that Binance ignored suspicious trading activities and delayed responding to his alerts. Furthermore, he claimed Binance was aware of the risks posed by the Aggr extension but failed to warn users or take preventive action.
Key Lessons for Users
Security Tips:
- Avoid using unauthorized browser extensions.
- Regularly monitor account activities for unusual transactions.
- Enable multiple layers of security, such as hardware-based 2FA.
- Immediately report suspicious activities to your exchange.
- Stay informed about potential security threats and updates from your trading platform.
Disappointment at Its Peak
CryptoNakamao voiced his frustration with Binance’s handling of the apparent risks associated with the Aggr extension. He criticized Binance’s internal investigation for being inadequate and failing to shield users from continuous threats. Additionally, he condemned the exchange for not freezing the hacker’s account despite evident fraudulent activities.