Binance User Loses $1 Million Worth Crypto By Counter-Trading Via Plugin

Bhushan Akolkar
June 3, 2024 Updated January 8, 2025
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Crypto Hack Munchables

Highlights

  • The hacker managed to drain the funds using a technique called "counter-trading" despite all security measures in place.
  • The breach was traced back to a malicious Chrome plugin called Aggr, downloaded by Nakamao.
  • Nakamao criticized Binance for being aware of the malicious plugin and the hacker's activities weeks before.

In a recent development of crypto theft, a Chinese user of the crypto exchange Binance has reportedly lost a staggering $1 million worth of crypto holdings in his Binance account. The Chinese user Nakamao stated that an undercover agent operating in the crypto circle siphoned off all the funds from his account.

Binance User Loses Funds to Counter Trading

Nakamao stated that his Binance account had all necessary security checks in place. Furthermore, the user added that the hacker didn’t have access to Nakamao’s account password or two-factor authentication (2FA), but still managed to drain all funds through “counter-trading”.

On May 24, Nakamao discovered unusual trading activity in his account. The crypto hacker manipulated his account by holding his web cookies hostage, conducting large trades in the USDT trading pair with high liquidity, and placing limit sell orders at inflated prices in pairs with scarce liquidity. This method allowed the hacker to profit significantly without triggering any security alerts from Binance.

Despite immediate efforts to contact Binance customer service, the hacker continued operating Nakamao’s account, ultimately withdrawing all funds safely. Nakamao expressed frustration at Binance’s slow response and lack of effective risk control measures, which allowed the hacker’s obvious arbitrage transactions to go unchecked.

Further investigation revealed that the breach was facilitated by a malicious Chrome plugin called Aggr. This plugin, which Nakamao had downloaded based on recommendations from overseas influencer KOL, allowed the hacker to collect and exploit his cookies to hijack active user sessions. This method bypassed the need for a password or 2FA, enabling the hacker to control the account.

Moreover, this is one of the first instances wherein a hacker managed to steal the funds just through a Chrome plugin. It turns out that earlier this year on March 1, funds from an overseas community member’s Binance account were stolen using the same plugin. Nakamao thus highlighted the dangers associated with using the Chrome Web plugins.

Security Lapses

Nakamao stated that Binance was aware of the malicious plugin and the hacker’s activities weeks before Nakamao’s incident. However, Binance did not take immediate action to warn users or suspend the plugin’s promotion.

Despite the hacker’s blatant arbitrage transactions, Binance did not implement effective risk control measures to detect and prevent the theft, noted Nakamao. Binance’s delay in contacting other platforms to freeze the hacker’s funds resulted in missed opportunities to recover stolen assets, he added. Nakamao has thus demanded the need for higher security measures at the exchange.

Advertisement
coingape google news coingape google news
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Why Trust CoinGape

CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights Read more…to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.

About Author
About Author
Bhushan is a seasoned crypto writer with over eight years of experience spanning more than 10,000 contributions across multiple platforms like CoinGape, CoinSpeaker, Bitcoinist, Crypto News Flash, and others. Being a Fintech enthusiast, he loves reporting across Crypto, Blockchain, DeFi, Global Macros with a keen understanding in financial markets. 

He is committed to continuous learning and stays motivated by sharing the knowledge he acquires. In his free time, Bhushan enjoys reading thriller fiction novels and occasionally explores his culinary skills. Bhushan has a bachelors degree in electronics engineering, however, his interest in finance and economics drives him to crypto and blockchain.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.