A hacker used a malicious Chrome plugin to access a Binance user’s account and siphon one million dollars’ worth of crypto without sounding any alarms.
The attacker used the malicious Chrome plugin Aggr to hijack Binance session cookies, then used them to access the user’s account on the crypto exchange without a password or two-factor authentication (2FA), according to a post on X by Nakamao, a China-based user.
The user said he didn’t notice anything until he opened Binance to check the price of bitcoin. Once on the platform, irregular trading activity alerted Nakamao. Interestingly, the attacker employed counter-trading practices to stay under the platform’s radar.
In essence, the perpetrators sold overpriced tokens from an account they controlled, buying them using funds from Nakamao’s account, then proceeded to sell tokens at market value and net the profit. According to Nakamao, the attacker siphoned one million dollars from his account without alerting any of Binance's security measures.
After receiving no help from Binance customer support, the trader turned to security consultants only to find out the attacker utilized the Aggr Chrome plugin that Nakamao installed after a recommendation from a crypto influencer.
Nakamao lamented Binance’s security practices, claiming that the company knew about the malicious plugin which was allegedly already used to hijack another Binance user’s account earlier this year.
“Looking back at the whole incident, if the hacker had directly withdrawn the funds, I would have nothing to say, but the hacker's random cross-trading on Binance and Binance's subsequent remedies are unacceptable to me, not to mention that Binance has been investigating this hacker and the plug-in for a long time,” Nakamao shared.
Meanwhile, after Nakamao’s post went viral, Binance posted a message on X, reiterating that no breach of the platform took place and advising users to avoid installing browser plugins.
“While there has been no security breach on the Binance platform, we want the community to always stay vigilant. Avoid installing browser plugins as malicious plugins can steal your data and compromise your account security,” the crypto exchange said.
Crafting malicious Chrome plugins that steal user cookies can be alarmingly simple, as we recently wrote, since even a non-programmer can use ChatGPT to write code for a malicious Chrome extension that lists user cookies.