Wednesday Newsletter

Explore the latest trends, gain valuable insights, and stay informed in the dynamic cryptocurrency ecosystem.

05 June 2024

A malicious Chrome plugin named Aggr has been used by hackers to steal millions from Binance users. The plugin covertly captures session cookies, allowing hackers to bypass password and two-factor authentication (2FA) protections and gain unauthorized access to Binance accounts.

A Chinese trader, who uses the X username CryptoNakamao, recently fell victim to this scam, losing $1 million. The trader recounted on X that on May 24, they noticed unusual trading activities on their Binance account after checking Bitcoin prices. Despite seeking help from Binance immediately, the funds had already been drained by the hacker.

How the Hackers Exploited the Chrome Plugin

The hacker’s strategy involved using the Aggr plugin to extract cookie data from the trader’s web browser. With the stolen cookies, the malicious software let the attacker hijack active user sessions without needing passwords or 2FA. The hackers then engaged in leveraged trades, manipulating low-liquidity pairs to generate profits.

Even though the hacker couldn’t directly withdraw funds because 2FA still guarded withdrawals, they exploited the active login session to conduct cross-trading. They bought tokens in the Tether (USDT) trading pair and placed sell orders above the market price in Bitcoin (BTC), USD Coin (USDC), and other low-liquidity pairs. By opening leveraged positions and executing cross trades against those orders, they managed to make significant profits.
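The two weaknesses described above, a replayed session cookie and sell orders priced far above market in thin pairs, map to two exchange-side checks. The following is an added example (not code from the newsletter or from Binance): it binds each session cookie to the client that first presented it and demands a step-up (fresh 2FA) when a trade arrives from a different client, and it flags a sell order that sits well above market in a low-liquidity book. All events, thresholds and function names are constructed assumptions.

```python
# Added example: session-binding and thin-market order checks (constructed data).
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Event:
    session: str      # opaque session cookie value
    ip: str
    user_agent: str
    action: str       # "view", "trade" or "withdraw"

# Actions that must re-prove 2FA when the presenting client no longer matches.
STEP_UP_ACTIONS = {"trade", "withdraw"}

def session_alerts(events: List[Event]) -> List[str]:
    """Bind a cookie to the (ip, user_agent) that first used it. The same cookie
    arriving from a different client is the signature of a stolen cookie being
    replayed from the attacker's browser, so high-risk actions get a step-up."""
    bound: Dict[str, Tuple[str, str]] = {}
    alerts: List[str] = []
    for ev in events:
        client = (ev.ip, ev.user_agent)
        first = bound.setdefault(ev.session, client)
        if client != first:
            level = "STEP_UP" if ev.action in STEP_UP_ACTIONS else "WARN"
            alerts.append(f"{level} session={ev.session} action={ev.action} ip={ev.ip}")
    return alerts

def abnormal_sell_order(price: float, market: float, depth_usd: float,
                        max_premium: float = 0.05,
                        min_depth_usd: float = 50_000) -> bool:
    """Flag a sell order priced more than max_premium above market in a book
    with less than min_depth_usd of resting liquidity: the cross-trade pattern
    that moves value out of a hijacked session. Thresholds are illustrative."""
    return price > market * (1 + max_premium) and depth_usd < min_depth_usd

SAMPLE_EVENTS = [  # constructed: legitimate use, then the cookie replayed elsewhere
    Event("s1", "203.0.113.5", "Chrome/125", "view"),
    Event("s1", "203.0.113.5", "Chrome/125", "trade"),
    Event("s1", "198.51.100.77", "Chrome/124", "view"),
    Event("s1", "198.51.100.77", "Chrome/124", "trade"),
]

if __name__ == "__main__":
    for line in session_alerts(SAMPLE_EVENTS):
        print(line)
    print(abnormal_sell_order(price=1.30, market=1.00, depth_usd=10_000))
```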

Trader Accuses Binance of Negligence

CryptoNakamao criticized Binance for failing to implement necessary security measures despite the unusually high trading activity. They claimed Binance was aware of the fraudulent plugin but did not alert users or take preventive actions.

According to the trader, Binance had been investigating the plugin for some time. However, despite knowing the hacker’s address and the nature of the scam, Binance did not inform traders or freeze the hacker’s account promptly. CryptoNakamao wrote, “Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account on time.”

A Binance spokesperson informed Cointelegraph that their investigation did not find evidence of the Aggr plugin based on the user’s data. They were alerted to the plugin on May 27 by a community influencer and immediately implemented additional security measures. A subsequent post from the affected user, translated by Cointelegraph, admitted to making some biased or unfounded accusations during their initial investigation.

This incident highlights the critical need for users to be cautious when installing browser plugins, and for exchanges to strengthen session and trading risk controls to protect against such sophisticated scams.