Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
Hackers Exploit Chrome Plugin to Drain Binance User Funds


  • Binance users lost millions to hacks using malicious Google plugin and hijacked cookies.
  • Hackers bypassed 2FA and password verification by exploiting stolen cookies from Google plugin.
  • Victims criticize Binance’s delayed response and lack of adequate risk controls.

Several Binance users have suffered significant financial losses from account hacks involving a malicious Google plugin. The alarming incidents have raised concerns within the cryptocurrency community regarding the platform’s security measures and response times.

Hacks Exploit Google Plugin to Hijack Accounts

Chinese cryptocurrency journalist Colin Wu recently tweeted about a series of hacks affecting Binance users, drawing attention to the issue. One notable case involved a Chinese user who lost $1 million on May 24. The attack was carried out through a Google plugin called Aggr, promoted by Key Opinion Leaders (KOLs). The hackers used hijacked cookies to bypass password and two-factor authentication (2FA) verification, enabling unauthorized access to the user’s account.

Another user experienced a similar fate on March 1, indicating that this attack method is part of a well-coordinated and persistent strategy. The hacker’s technique involved exploiting hijacked cookies to cross-trade on Binance, causing significant financial damage.

Victims Share Their Experiences

One of the victims, known as Nakamao, shared his ordeal on X, revealing the emotional and financial toll of the incident. Nakamao’s investigation with a security company uncovered that he had fallen victim to an elaborate scheme involving an undercover agent in the crypto community. His account was drained of $1 million.

Nakamao’s detailed account raised serious concerns about Binance’s response to the hack. He noted several critical points in the timeline of events, such as Binance’s lack of weeks-long awareness of the compromised plugin without taking immediate action. 

Despite recognizing the theft and abnormal trading activities, Binance allegedly failed to implement adequate risk controls, allowing hackers to manipulate accounts for over an hour. Nakamao stated that Binance did not promptly freeze the hacker’s account, missing the opportunity to prevent further unauthorized transactions. He further revealed that it took Binance more than a day to contact relevant platforms to freeze transactions, delaying the mitigation of losses.

These revelations have sparked widespread concern and criticism within the cryptocurrency community. Many users are now questioning Binance’s ability to safeguard their assets and the effectiveness of its security measures.

Detailed Attack Method

The malicious plugin Aggr steals cookies from users’ web browsers. Hackers then use these cookies to hijack active user sessions without needing a password or 2FA. This method allows hackers to carry out multiple leveraged trades, spiking the price of low liquidity pairs and profiting from them.

Despite the 2FA, hackers used the hijacked cookies and active login sessions to make profits through cross-trading. They bought several tokens in Tether trading pairs with high liquidity. They then placed limit sell orders above the market price in Bitcoin and USD Coin pairs with low liquidity. The hackers then opened leveraged positions, bought a large amount in excess, and completed the cross-trading. Cross-trading offsets buy and sell orders for the same asset without recording the trade on the exchange.

Criticism of Binance’s Response

The trader claims that Binance failed to implement essential security measures despite unusually high trading activity. Even after receiving timely complaints, the exchange allegedly did not take action to stop the fraudulent activity. 

In his investigation, the trader discovered that Binance had been aware of the fraudulent plugin for some time and was already conducting an internal investigation. Despite knowing the hacker’s address and the nature of the plugin scam, Binance did not inform traders or take action to prevent the fraud.

The trader’s revelations have led to calls for Binance to enhance its security protocols and provide better user protection. The incidents highlight the need for heightened security measures and prompt action in the face of emerging threats within the cryptocurrency sector.

Learn More

Buy Cryptos on eToro banner