Binance User Loses $1 Million Worth Crypto By Counter-Trading Via Plugin

Highlights
- The hacker managed to drain the funds using a technique called "counter-trading" despite all security measures in place.
- The breach was traced back to a malicious Chrome plugin called Aggr, downloaded by Nakamao.
- Nakamao criticized Binance for being aware of the malicious plugin and the hacker's activities weeks before.
In a recent development of crypto theft, a Chinese user of the crypto exchange Binance has reportedly lost a staggering $1 million worth of crypto holdings in his Binance account. The Chinese user Nakamao stated that an undercover agent operating in the crypto circle siphoned off all the funds from his account.
Binance User Loses Funds to Counter Trading
Nakamao stated that his Binance account had all necessary security checks in place. Furthermore, the user added that the hacker didn’t have access to Nakamao’s account password or two-factor authentication (2FA), but still managed to drain all funds through “counter-trading”.
On May 24, Nakamao discovered unusual trading activity in his account. The crypto hacker manipulated his account by holding his web cookies hostage, conducting large trades in the USDT trading pair with high liquidity, and placing limit sell orders at inflated prices in pairs with scarce liquidity. This method allowed the hacker to profit significantly without triggering any security alerts from Binance.
Despite immediate efforts to contact Binance customer service, the hacker continued operating Nakamao’s account, ultimately withdrawing all funds safely. Nakamao expressed frustration at Binance’s slow response and lack of effective risk control measures, which allowed the hacker’s obvious arbitrage transactions to go unchecked.
Further investigation revealed that the breach was facilitated by a malicious Chrome plugin called Aggr. This plugin, which Nakamao had downloaded based on recommendations from overseas influencer KOL, allowed the hacker to collect and exploit his cookies to hijack active user sessions. This method bypassed the need for a password or 2FA, enabling the hacker to control the account.
Moreover, this is one of the first instances wherein a hacker managed to steal the funds just through a Chrome plugin. It turns out that earlier this year on March 1, funds from an overseas community member’s Binance account were stolen using the same plugin. Nakamao thus highlighted the dangers associated with using the Chrome Web plugins.
Security Lapses
Nakamao stated that Binance was aware of the malicious plugin and the hacker’s activities weeks before Nakamao’s incident. However, Binance did not take immediate action to warn users or suspend the plugin’s promotion.
Despite the hacker’s blatant arbitrage transactions, Binance did not implement effective risk control measures to detect and prevent the theft, noted Nakamao. Binance’s delay in contacting other platforms to freeze the hacker’s funds resulted in missed opportunities to recover stolen assets, he added. Nakamao has thus demanded the need for higher security measures at the exchange.
- ASTER Token Rockets Over 10% in an Hour as Binance Announces Spot Listing
- Whale Dumps Massive $55 Million in XRP to Ripple as Coin Falls Below $3?
- Aster Token Crashes 10% On DEX Integrity Issues Ahead of Airdrop, What’s Happening?
- Spot Bitcoin ETFs Record 2nd Best Weekly Inflows Ever, Bloomberg Analysts Bullish
- Michael Saylor Says “No New Orange Dots” Pausing Bitcoin Buys as Holdings Hit Record $79B
- Dogecoin Price Rebounds 15% From Buy Zone as Whales Add 30M DOGE – Can Bulls Push Beyond $0.30?
- FLOKI Price Prediction as ETP Listing Drives Adoption—Is a 160% Rally Ahead?
- BNB Coin Price Hits ATH as Derivatives Activity Soars—Is $1,520 the Next Stop?
- Aster Price Eyes $3 After Channel Breakout as Open Interest Surges to $1.37B
- Will XRP Price Hit $5 if the SEC Approves ETFs This Month?
- Bitcoin Price Hits $120K Ahead of Q4 — Can Citigroup’s Forecast Hold Up?