Table of Contents
Toggle
Browser Plugin Leads to Hacked Binance Account, Resulting in Million Dollar Loss
OKX Reports New Attack Method
User Nakamao on a social media platform revealed that their Binance account was hacked without their knowledge, resulting in significant financial losses of nearly $1 million.
It is reported that the hacker did not obtain the victim’s password or two-factor authentication messages. Instead, they hijacked the victim’s web page cookies through a malicious Chrome plugin called “Aggr” and used these cookies to manipulate the victim’s Binance account. The hacker conducted a large number of wash trading transactions on Binance using the victim’s account, buying and selling a significant amount of cryptocurrency, causing abnormal price fluctuations and profiting from it.
Nakamao claims that despite contacting Binance customer service immediately and attempting to stop the hacker’s further actions, Binance was slow to respond in the handling process and failed to freeze the hacker’s account or restrict their operations in a timely manner, allowing the hacker to safely withdraw the funds.
Furthermore, it was discovered after contacting the Key Opinion Leader (KOL) who promoted the malicious Chrome plugin “Aggr” that Binance was already aware of the existence of this plugin and had traced the hacker’s address at least 3 to 4 weeks ago. However, they chose not to inform the community promptly in order to gather more information about the hacker and avoid alerting them. Nakamao wrote on X:
This incident has not only caused significant financial losses to the victims personally but also impacted the trust within the cryptocurrency community. It also serves as a warning regarding the security of digital assets, reminding all cryptocurrency users to remain vigilant about the security of their accounts and exercise caution when using any third-party applications or plugins.
On the other hand, according to a report by “Wu Shuo Blockchain,” on June 3, a member of the Benmo community claimed that fraudsters purchased all of their personal information on Telegram and subsequently used the exchange’s password recovery function. They then used AI-generated images to change their phone number, email address, and even the Google Authenticator. Within 24 hours, their OKX account lost over $2 million in assets. Users must be aware of these potential risks.
