A Chinese trader has fallen victim to a hacking scam that resulted in the loss of $1 million. The scam involved the use of a Google Chrome plugin called Aggr, which tricks users into giving away their cookies. Hackers then used these stolen cookies to bypass password and two-factor authentication (2FA) verification and gain access to the trader’s Binance account.
The trader, known as CryptoNakamao on the X platform, shared the story of their devastating experience. They explained that on May 24, they noticed unusual trading activity in their Binance account after checking the price of Bitcoin (BTC) on the Binance app. By the time they sought help from Binance, all their funds had already been withdrawn by the hacker.
According to the trader, the hacker obtained their web browser’s cookie data by using the Aggr plugin. Initially, the trader installed the plugin to access important trader data, but later discovered that it was actually malicious software designed to steal browsing data and cookies.
Using the stolen cookies, the hacker was able to hijack the active login sessions and place leveraged trades that manipulated the price of low-liquidity pairs. Although 2FA prevented them from withdrawing funds directly, the hacker used the cookies and those sessions to engage in cross-trading and generate profits.
The trader blamed Binance for the incident, stating that the exchange failed to implement necessary security measures despite the abnormally high trading activity. They also claimed that Binance was aware of the fraudulent plugin but did not inform users or take any action to prevent the scam.
In response to these accusations, a spokesperson from Binance stated that their investigation did not find any evidence of the fraudulent plugin based on the data provided by the affected user. However, they acknowledged that a community influencer had alerted them to the plugin and they had implemented additional security measures in response.
This incident highlights the need for users to be cautious when installing plugins or extensions, especially those that require access to sensitive information. Additionally, exchanges must prioritize the security of their users’ accounts and take immediate action to address any potential threats.