A Chinese trader recently lost $1 million to a hacking scam involving a Google Chrome plugin named Aggr.
This promotional plugin steals cookies from users, allowing hackers to bypass passwords and two-factor authentication (2FA) to access the victim’s Binance account.
The trader, known as CryptoNakamao on X, shared their ordeal of losing their life savings to the scam.
On May 24, while checking the Bitcoin price on the Binance app, they noticed that their Binance account was trading randomly.
By the time they sought help from Binance, all their funds had been withdrawn by the hacker.
The hacker stole cookie data through the Aggr plugin, which the trader had installed to access prominent traders' data.
The malicious software was designed to steal web browsing data and cookies.
Using the collected cookies, the hacker hijacked active user sessions without needing a password or authentication, then performed multiple leveraged trades to manipulate the prices of low-liquidity pairs for profit.
The trader noted that, although the hacker couldn’t withdraw funds directly due to 2FA, they exploited the cookies and active login sessions to make profits through cross-trading.
The hacker purchased several tokens in the Tether trading pair with abundant liquidity and placed limit sell orders at prices higher than the market rate in Bitcoin, USD Coin, and other pairs with scarce liquidity.
Subsequently, the hacker opened leveraged positions, bought large amounts, and completed the cross-trading.
Cross-trading involves offsetting buy and sell orders for the same asset without recording the trade on the exchange.
The trader blamed Binance for not implementing essential security measures despite the unusually high trading activity.
They added that even after receiving timely complaints, the exchange failed to stop the fraudulent activity.
During their investigation, the trader discovered that Binance had been aware of the fraudulent plugin for some time and was conducting an internal investigation.
Despite knowing the hacker’s address and the nature of the plugin scam, the trader claimed Binance failed to inform traders or take preventative actions. They wrote:
“Binance did nothing even though it knew of the theft and frequent cross-trading.
“Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account on the platform on time.”
Cointelegraph reached out to Binance for comment but did not receive a response by publication time.