According to Nakamao, hackers were able to use a Chrome plugin and multiple cross trades to steal $1 million from their Binance account.
A Binance trader has lost $1 million to hackers who gained access to the user’s account via a Google Chrome plugin. The user published a long post on X, recounting how they lost their funds to hackers who used cross-trading to drain the account.
Binance Trader Loses Funds to Hackers via Chrome Plugin
According to the X post, CryptoNakamao noticed unusual trading activity on his account. Apparently, the hacker accessed the trader’s live account through web cookies penetrated via Aggr, a Google Chrome plugin. The promotion plugin can steal user cookies and allow a hacker access to an account by bypassing password and two-factor authentication requirements. Nakamao had installed the plugin to get trading data.
The trader explained that the hacker began manipulating the account by making large USDT trades with high liquidity. The hackers also placed limited sell orders at exorbitant prices using pairs with low liquidity. This way, the hacker could make significant profits without prompting any of Binance’s security red flags.
After these, the hacker then opened several leveraged positions and conducted cross-trading. This is the purchase and sale of orders for the same asset without the transaction recorded on an exchange.
Nakamao’s post explained that a security company revealed the breach was through web cookies hijacked by the plugin. The user claims to have reached out to Binance’s customer service when they discovered the problem. Unfortunately, the hacker was still operating the account and successfully withdrew the funds, according to Binance’s customer service.
Trader Accuses Binance of Lagging
Nakamao also accuses Binance of delaying efforts, noting that the exchange took more than a day to reach out to Kucoin and Gate to freeze funds the user had transferred to these platforms. Unfortunately, the hacker had already moved the funds from both exchanges.
In addition, the trader claims that Binance knew about the hacker and plugin and had been investigating. However, Nakamao said the exchange took no precautions for several weeks, resulting in heavy financial losses. The trader added that Binance did not freeze the hacker’s funds in time and took too long to take action. According to a translation of the post from Chinese:
“Binance did nothing even though it was aware of the theft and frequent cross-trading. Hackers manipulated accounts for more than an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control.”
Nakamao says Binance always emphasizes safety, specifically using the word “security” in its annual summary. This gave the trader confidence in the exchange, encouraging the user to deposit a lot of money in the platform, via stablecoins.
In a follow-up post, the trader states that he is unwilling to fight with Binance because “if we really fight, how can we win?”
The hack is yet another case of a security breach, now seemingly rampant in the crypto space. Early last month, the infamous Poloniex hacker from last year transferred 1100 Ether ($3.4 MILLION) to crypto mixer Tornado Cash. Data from Arkham Intelligence revealed the hacker sent 11 batches of 100 ETH to the mixer. Before that, the same hacker had sent about 501 Bitcoin (BTC), worth about $31.9 million at the time, to an unknown address.
next