Highlights:
- Binance users lost millions to hacks using malicious Google plugin and hijacked cookies.
- Hackers bypassed 2FA and password verification by exploiting stolen cookies from Google plugin.
- Victims criticize Binance’s delayed response and lack of adequate risk controls.
Several Binance users have suffered significant financial losses from account hacks involving a malicious Google plugin. The alarming incidents have raised concerns within the cryptocurrency community regarding the platform’s security measures and response times.
Hacks Exploit Google Plugin to Hijack Accounts
Chinese cryptocurrency journalist Colin Wu recently tweeted about a series of hacks affecting Binance users, drawing attention to the issue. One notable case involved a Chinese user who lost $1 million on May 24. The attack was carried out through a Google plugin called Aggr, promoted by Key Opinion Leaders (KOLs). The hackers used hijacked cookies to bypass password and two-factor authentication (2FA) verification, enabling unauthorized access to the user’s account.
Breaking: Your Binance account may have been compromised due to downloading the KOL-promoted Google plugin Aggr. A Chinese user used this plug-in, which resulted in $1 million being stolen through cross-trading on May 24th. Another Binance user had his funds stolen on March 1.…
— Wu Blockchain (@WuBlockchain) June 3, 2024
Another user experienced a similar fate on March 1, indicating that this attack method is part of a well-coordinated and persistent strategy. The hacker’s technique involved exploiting hijacked cookies to cross-trade on Binance, causing significant financial damage.
Victims Share Their Experiences
One of the victims, known as Nakamao, shared his ordeal on X, revealing the emotional and financial toll of the incident. Nakamao’s investigation with a security company uncovered that he had fallen victim to an elaborate scheme involving an undercover agent in the crypto community. His account was drained of $1 million.
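I became the victim of an undercover agent in the crypto community, and the $1 million in my Binance account went up in smoke
Even now I am still completely dazed; this was almost all of my savings from the past few years.… pic.twitter.com/sSNUTXFZsc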
— Nakamao🫡 (@CryptoNakamao) June 3, 2024
Nakamao’s detailed account raised serious concerns about Binance’s response to the hack. He noted several critical points in the timeline of events, such as Binance having been aware of the compromised plugin for weeks without taking immediate action.
Despite recognizing the theft and abnormal trading activities, Binance allegedly failed to implement adequate risk controls, allowing hackers to manipulate accounts for over an hour. Nakamao stated that Binance did not promptly freeze the hacker’s account, missing the opportunity to prevent further unauthorized transactions. He further revealed that it took Binance more than a day to contact relevant platforms to freeze transactions, delaying the mitigation of losses.
These revelations have sparked widespread concern and criticism within the cryptocurrency community. Many users are now questioning Binance’s ability to safeguard their assets and the effectiveness of its security measures.
Detailed Attack Method
The malicious plugin Aggr steals cookies from users’ web browsers. Hackers then use these cookies to hijack active user sessions without needing a password or 2FA. This method allows hackers to carry out multiple leveraged trades, spiking the price of low liquidity pairs and profiting from them.
Despite the 2FA, hackers used the hijacked cookies and active login sessions to make profits through cross-trading. They bought several tokens in Tether trading pairs with high liquidity. They then placed limit sell orders above the market price in Bitcoin and USD Coin pairs with low liquidity. The hackers then opened leveraged positions, bought a large amount in excess, and completed the cross-trading. Cross-trading offsets buy and sell orders for the same asset without recording the trade on the exchange.
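A stolen cookie works because the session it names has already passed 2FA. The following added example (not Binance's code and not part of the original article) sketches one server-side control against that replay: bind each session to the client context seen when 2FA succeeded, and require fresh 2FA before a sensitive action arrives from a different context. The event names, session IDs, IP addresses and user agents are constructed for illustration.

```python
# Constructed sample events: (session_id, event, client_ip, user_agent).
# Every value below is invented for this example.
EVENTS = [
    ("s1", "login_2fa_ok", "198.51.100.7", "Chrome/125 Windows"),
    ("s1", "view_balance", "198.51.100.7", "Chrome/125 Windows"),
    ("s1", "place_order",  "203.0.113.50", "Chrome/124 Linux"),  # cookie replayed elsewhere
    ("s2", "login_2fa_ok", "192.0.2.10",   "Firefox/126 macOS"),
    ("s2", "place_order",  "192.0.2.10",   "Firefox/126 macOS"),
    ("s3", "place_order",  "203.0.113.50", "Chrome/124 Linux"),  # no login on record
]

# Hypothetical set of actions that should never ride on a bare cookie.
SENSITIVE = {"place_order", "withdraw", "create_api_key"}


def evaluate(events):
    """Return (session_id, event, decision) for each sensitive action.

    The (ip, user_agent) pair recorded when 2FA succeeded is the session's
    binding. A sensitive request from a different pair gets 'step_up'
    (re-prompt for 2FA); a session with no recorded login gets 'deny'.
    """
    bound = {}       # session_id -> (ip, user_agent) at 2FA time
    decisions = []
    for sid, event, ip, ua in events:
        if event == "login_2fa_ok":
            bound[sid] = (ip, ua)
            continue
        if event not in SENSITIVE:
            continue  # read-only actions are not gated in this sketch
        if sid not in bound:
            decisions.append((sid, event, "deny"))
        elif bound[sid] != (ip, ua):
            decisions.append((sid, event, "step_up"))
        else:
            decisions.append((sid, event, "allow"))
    return decisions


if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(row)
```

IP and user-agent matching is a coarse signal: it catches a cookie replayed from another machine, but not requests issued from inside the victim's own browser.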
Criticism of Binance’s Response
The trader claims that Binance failed to implement essential security measures despite unusually high trading activity. Even after receiving timely complaints, the exchange allegedly did not take action to stop the fraudulent activity.
In his investigation, the trader discovered that Binance had been aware of the fraudulent plugin for some time and was already conducting an internal investigation. Despite knowing the hacker’s address and the nature of the plugin scam, Binance did not inform traders or take action to prevent the fraud.
The trader’s revelations have led to calls for Binance to enhance its security protocols and provide better user protection. The incidents highlight the need for heightened security measures and prompt action in the face of emerging threats within the cryptocurrency sector.