A recent cybersecurity incident involving a deceptive Google Chrome plugin named Aggr has led to significant financial losses for a Chinese trader and potentially others. This plugin, masquerading as a tool for accessing trading data, facilitated unauthorized access to Binance accounts by exploiting stolen browser cookies.
On May 24, a trader, known as CryptoNakamao on X, noticed unauthorized trading activity on their Binance account. The suspicious activities came to light only after the trader checked the Bitcoin price through the Binance app. By then, the hacker had already siphoned off funds amounting to approximately $1 million.
The Aggr Chrome plugin covertly stole web browser cookies, allowing the hackers to bypass both password and two-factor authentication (2FA) systems. These cookies were used to hijack active user sessions on Binance, enabling the perpetrators to conduct transactions without needing to log in conventionally.
Analysis of the Hack
The attackers utilized the stolen cookies to manipulate the market through leveraged trades on low liquidity cryptocurrency pairs. This method allowed them to artificially inflate prices and execute profitable trades at the expense of the compromised accounts.
The culprits engaged in cross-trading—where buy and sell orders for the same asset are offset without being recorded on the exchange—by purchasing various tokens against Tether and placing limit sell orders at prices above the market rate in other less liquid trading pairs.
Binance’s Response and Security Lapses
Despite the trader’s immediate report of the suspicious activities, Binance allegedly failed to halt the unauthorized transactions in a timely manner. The platform did not freeze the funds associated with the hacker’s account promptly, allowing the manipulation to continue for over an hour.
Investigations revealed that Binance was already aware of the Aggr plugin’s malicious nature and was conducting an internal investigation. However, the trader claims that Binance did not adequately warn its users about the potential risks, nor did it implement preventative measures to block the plugin’s activities.
Impact and Implications
The affected trader lost their life savings due to this security breach, highlighting significant vulnerabilities in the current security frameworks used by crypto exchanges and the dangers posed by third-party browser extensions.
This incident underscores the need for enhanced security protocols on cryptocurrency trading platforms, particularly in terms of real-time risk detection and response strategies. It also calls into question the responsibility of exchanges to inform and protect their users proactively.
The hacking incident involving the Aggr Chrome plugin serves as a critical reminder of the sophisticated methods employed by cybercriminals in the cryptocurrency space. As digital assets continue to gain popularity, both users and platforms must prioritize advanced security solutions to safeguard against such invasive threats.
| Aspect | Detail |
|---|---|
| Date of Incident | May 24 |
| Nature of Attack | Use of malicious Chrome plugin (Aggr) |
| Total Loss | Approx. $1 million |
| Method of Attack | Theft of browser cookies for session hijacking |
| Binance’s Initial Response | Delayed action and lack of timely intervention |
| Investigative Findings | Binance was previously aware of the plugin’s risks |
Featured image credit: Freepik