Binance User Loses $1 Million Worth Crypto By Counter-Trading Via Plugin
Highlights
- The hacker managed to drain the funds using a technique called "counter-trading" despite all security measures in place.
- The breach was traced back to a malicious Chrome plugin called Aggr, downloaded by Nakamao.
- Nakamao criticized Binance for being aware of the malicious plugin and the hacker's activities weeks before.
In a recent development of crypto theft, a Chinese user of the crypto exchange Binance has reportedly lost a staggering $1 million worth of crypto holdings in his Binance account. The Chinese user Nakamao stated that an undercover agent operating in the crypto circle siphoned off all the funds from his account.
Binance User Loses Funds to Counter Trading
Nakamao stated that his Binance account had all necessary security checks in place. Furthermore, the user added that the hacker didn’t have access to Nakamao’s account password or two-factor authentication (2FA), but still managed to drain all funds through “counter-trading”.
On May 24, Nakamao discovered unusual trading activity in his account. The crypto hacker manipulated his account by holding his web cookies hostage, conducting large trades in the USDT trading pair with high liquidity, and placing limit sell orders at inflated prices in pairs with scarce liquidity. This method allowed the hacker to profit significantly without triggering any security alerts from Binance.
Despite immediate efforts to contact Binance customer service, the hacker continued operating Nakamao’s account, ultimately withdrawing all funds safely. Nakamao expressed frustration at Binance’s slow response and lack of effective risk control measures, which allowed the hacker’s obvious arbitrage transactions to go unchecked.
Further investigation revealed that the breach was facilitated by a malicious Chrome plugin called Aggr. This plugin, which Nakamao had downloaded based on recommendations from overseas influencer KOL, allowed the hacker to collect and exploit his cookies to hijack active user sessions. This method bypassed the need for a password or 2FA, enabling the hacker to control the account.
Moreover, this is one of the first instances wherein a hacker managed to steal the funds just through a Chrome plugin. It turns out that earlier this year on March 1, funds from an overseas community member’s Binance account were stolen using the same plugin. Nakamao thus highlighted the dangers associated with using the Chrome Web plugins.
Security Lapses
Nakamao stated that Binance was aware of the malicious plugin and the hacker’s activities weeks before Nakamao’s incident. However, Binance did not take immediate action to warn users or suspend the plugin’s promotion.
Despite the hacker’s blatant arbitrage transactions, Binance did not implement effective risk control measures to detect and prevent the theft, noted Nakamao. Binance’s delay in contacting other platforms to freeze the hacker’s funds resulted in missed opportunities to recover stolen assets, he added. Nakamao has thus demanded the need for higher security measures at the exchange.
- Will Bitcoin Rally as JPMorgan Tips Fed To End QT at FOMC Meeting?
- White House Crypto Czar Backs Michael Selig as ‘Excellent Choice’ To Lead CFTC
- Ripple Explores New XRP Use Cases as Brad Garlinghouse Reaffirms Token’s ‘Central’ Role
- Kyrgyzstan Adds Binance Coin (BNB) to National Crypto Reserve, CZ Confirms
- Ripple-Backed Evernorth Grows XRP Treasury to $1B Ahead of Nasdaq Listing
- Analyst Eyes Key Support Retest Before a Rebound for Ethereum Price Amid $93M ETF Outflows and BlackRock Dump
- Bitcoin Price Eyes $120K Ahead of FED’s 98.3% Likelihood to Cut Rates
- PEPE Coin Price Prediction as Weekly Outflows Hit $17M – Is Rebound Ahead?
- HBAR Price Targets 50% Jump as Hedera Unleashes Massive Staking Move
- Chainlink Price Outlook: Analyst Predicts $100 as Reserve Adds 63K LINK
- SUI Price Prediction as TVL and Monthly DEX Volume Hit All-Time Highs- What’s Next?