In an elaborate hacking scam involving a malicious Chrome plugin named Aggr, a Chinese trader lost a staggering $1 million from their Binance account. The Aggr plugin is designed to lift cookies from users’ browsers. These cookies are then exploited by hackers to evade password and two-factor verification processes, subsequently gaining access to the victim’s cryptocurrency trading account.
The trader, known on Binance as CryptoNakamao, reported that unusual trading activity occurred on their account on May 24. The suspicious activity was detected only when the trader checked Bitcoin prices on their Binance app. Unfortunately, by the time Binance was notified, all funds had already been digitally siphoned off by the hacker.
According to the scammed trader, the hackers stole their web browser cookie data through the Aggr Chrome plugin, which the trader had originally installed to gain access to data from leading traders. This information was then used to hijack active user sessions without requiring a password or other form of authentication. The hacker carried out several leveraged trades, manipulating the prices of low-liquidity pairs to their advantage.
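For readers who want to check their own browser, the following is an added example, not code from the report or from Binance. It audits extension manifests for the combination that lets an extension read session cookies through Chrome's `chrome.cookies` API: the `cookies` permission plus host permissions. The report does not say how Aggr read the cookies, so this route is an assumption, and the extension names and manifests below are constructed.

```python
import json

# Constructed sample manifests (hypothetical extensions, not real ones).
SAMPLE_MANIFESTS = {
    "price-widget": json.dumps({
        "manifest_version": 3, "name": "Price Widget",
        "permissions": ["storage"],
        "host_permissions": ["https://api.example.com/*"],
    }),
    "trader-data-helper": json.dumps({
        "manifest_version": 3, "name": "Trader Data Helper",
        "permissions": ["cookies", "storage"],
        "host_permissions": ["<all_urls>"],
    }),
    "legacy-tool": json.dumps({
        "manifest_version": 2, "name": "Legacy Tool",
        "permissions": ["cookies", "https://*.exchange.example/*"],
    }),
}

# Match patterns that cover every site the user is logged in to.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def is_host_pattern(entry):
    """True for match patterns such as https://*.example.com/* or <all_urls>."""
    return entry == "<all_urls>" or "://" in entry

def audit_manifest(text):
    """Return (risk, hosts); risk is 'none', 'scoped' or 'broad'."""
    manifest = json.loads(text)
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    hosts = [h for h in manifest.get("host_permissions", []) if isinstance(h, str)]
    hosts += [p for p in perms if is_host_pattern(p)]
    # chrome.cookies needs both the API permission and a matching host.
    if "cookies" not in perms or not hosts:
        return "none", hosts
    risk = "broad" if any(h in BROAD_HOSTS for h in hosts) else "scoped"
    return risk, hosts

def audit_all(manifests):
    """Map each extension name to its cookie-access risk level."""
    return {name: audit_manifest(text)[0] for name, text in manifests.items()}

if __name__ == "__main__":
    for name, risk in audit_all(SAMPLE_MANIFESTS).items():
        print(f"{name}: cookie access = {risk}")
```

A result of `none` only rules out the `chrome.cookies` route: the check ignores optional permissions granted at runtime, and content scripts can still read cookies that are not marked HttpOnly.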
The targeted trader contends that even though direct fund withdrawal was blocked by two-factor authentication, the perpetrators ingeniously used the active cookies and login sessions to carry out profitable cross-trades. This was achieved by trading excessive amounts of tokens with high liquidity and placing sell orders above market price in scarce liquidity trading pairs.
The victim criticized Binance for purportedly failing to execute essential security measures in response to the unusually high trading activity. The trader also alleges that Binance, which was already investigating the malicious plugin, failed to inform its traders or take action to prevent further harm. The platform was also accused of not freezing the fraudulent funds in a timely manner, despite recognizing the hacker’s single account and the scam’s nature.