Binance User Loses $1 Million Worth Crypto By Counter-Trading Via Plugin

In a recent development of crypto theft, a Chinese user of the crypto exchange Binance has reportedly lost a staggering $1 million worth of crypto holdings in his Binance account. The Chinese user Nakamao stated that an undercover agent operating in the crypto circle siphoned off all the funds from his account.

Binance User Loses Funds to Counter Trading

Nakamao stated that his Binance account had all necessary security checks in place. Furthermore, the user added that the hacker didn’t have access to Nakamao’s account password or two-factor authentication (2FA), but still managed to drain all funds through “counter-trading”.

On May 24, Nakamao discovered unusual trading activity in his account. The crypto hacker manipulated his account by holding his web cookies hostage, conducting large trades in the USDT trading pair with high liquidity, and placing limit sell orders at inflated prices in pairs with scarce liquidity. This method allowed the hacker to profit significantly without triggering any security alerts from Binance.

Despite immediate efforts to contact Binance customer service, the hacker continued operating Nakamao’s account, ultimately withdrawing all funds safely. Nakamao expressed frustration at Binance’s slow response and lack of effective risk control measures, which allowed the hacker’s obvious arbitrage transactions to go unchecked.

Further investigation revealed that the breach was facilitated by a malicious Chrome plugin called Aggr. This plugin, which Nakamao had downloaded based on recommendations from overseas influencer KOL, allowed the hacker to collect and exploit his cookies to hijack active user sessions. This method bypassed the need for a password or 2FA, enabling the hacker to control the account.

Moreover, this is one of the first instances wherein a hacker managed to steal the funds just through a Chrome plugin. It turns out that earlier this year on March 1, funds from an overseas community member’s Binance account were stolen using the same plugin. Nakamao thus highlighted the dangers associated with using the Chrome Web plugins.

Security Lapses

Nakamao stated that Binance was aware of the malicious plugin and the hacker’s activities weeks before Nakamao’s incident. However, Binance did not take immediate action to warn users or suspend the plugin’s promotion.

Despite the hacker’s blatant arbitrage transactions, Binance did not implement effective risk control measures to detect and prevent the theft, noted Nakamao. Binance’s delay in contacting other platforms to freeze the hacker’s funds resulted in missed opportunities to recover stolen assets, he added. Nakamao has thus demanded the need for higher security measures at the exchange.

The post Binance User Loses $1 Million Worth Crypto By Counter-Trading Via Plugin appeared first on CoinGape.