June 24, 2024
Latest Cryptocurrency News

A Trader Loses $1 Million to Chrome Plugin Scam

A Chinese trader has reportedly lost $1 million in life savings due to a sophisticated hacking scam involving a Google Chrome plugin named Aggr. The Chrome plugin, initially promoted as a tool for accessing prominent trader data, was revealed to be malicious software designed to steal users’ web browsing data and cookies.

The trader, who uses the X handle CryptoNakamao, detailed the ordeal in a recent post. On May 24, CryptoNakamao noticed unusual activity in their Binance account. Upon checking the Bitcoin price via the Binance app, they realized their account was being used to execute random trades. Despite seeking immediate assistance from Binance, the hacker had already managed to withdraw all the funds.

https://twitter.com/CryptoNakamao/status/1797519128632381847

Hacker Uses Cookies to Bypass Security

According to CryptoNakamao, the hackers exploited the stolen cookie data to bypass both password and two-factor authentication (2FA) verification. The compromised cookies allowed the hackers to hijack active user sessions, enabling them to conduct multiple leveraged trades. These trades spiked the prices of low liquidity pairs, allowing the hacker to profit substantially.

Even though direct fund withdrawal was blocked by 2FA, the hackers used cross-trading to manipulate the market. By buying tokens in the Tether trading pair and placing sell orders in pairs with scarce liquidity, the hacker successfully completed leveraged positions and cross-trading. Thus, resulting in significant financial loss for CryptoNakamao.

Binance’s Alleged Lapse in Security Measures

CryptoNakamao has criticized Binance for failing to implement essential security measures and taking timely action.

Despite reporting the unusual trading activity promptly, Binance allegedly did not freeze the hacker’s account or halt the fraudulent trades. Further investigation by CryptoNakamao revealed that Binance had been aware of the Aggr plugin scam and was conducting an internal investigation but failed to alert its users or prevent the scam.

The trader accused Binance of neglecting risk controls and allowing the hackers to manipulate accounts for over an hour.

“Binance did nothing even though it knew of the theft and frequent cross-trading.”

CryptoNakamao stated, expressing frustration over the exchange’s handling of the situation.

While the investigations continue, this incident underscores the critical need for enhanced security measures. It highlights the importance of prompt action in the face of sophisticated cyber threats in the cryptocurrency space.

Image by rawpixel.com on Freepik

Disclosure Statement: Miami Crypto does not take any external funding, or support to bring crypto news to the readers. We do not have any conflicts of interest while writing news stories on Miami Crypto.

Related posts

SEC’s Binance.US Software Access Bid Hits Temporary Setback

Chloe Taylor

Cryptocurrency Assets Proposed for Protection Under Brazilian Savings Asset Bill

Christian Green

President’s Manifesto Aims to Unlock Blockchain and Crypto Potential in Nigeria

Harper Hall

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Please enter CoinGecko Free Api Key to get this plugin works.