DMR News

Advancing Digital Conversations

Hackers Use Chrome Extension to Extract Millions from Binance Users

ByDayne Lee

Jun 4, 2024

Hackers Use Chrome Extension to Extract Millions from Binance Users

A recent cybersecurity incident involving a deceptive Google Chrome plugin named Aggr has led to significant financial losses for a Chinese trader and potentially others. This plugin, masquerading as a tool for accessing trading data, facilitated unauthorized access to Binance accounts by exploiting stolen browser cookies.

On May 24, a trader, known as CryptoNakamao on X, noticed unauthorized trading activity on their Binance account. The suspicious activities came to light only after the trader checked the Bitcoin price through the Binance app. By then, the hacker had already siphoned off funds amounting to approximately $1 million.

The Aggr Chrome plugin covertly stole web browser cookies, allowing the hackers to bypass both password and two-factor authentication (2FA) systems. These cookies were used to hijack active user sessions on Binance, enabling the perpetrators to conduct transactions without needing to log in conventionally.

Analysis of the Hack

The attackers utilized the stolen cookies to manipulate the market through leveraged trades on low liquidity cryptocurrency pairs. This method allowed them to artificially inflate prices and execute profitable trades at the expense of the compromised accounts.

The culprits engaged in cross-trading—where buy and sell orders for the same asset are offset without being recorded on the exchange—by purchasing various tokens against Tether and placing limit sell orders at prices above the market rate in other less liquid trading pairs.

Binance’s Response and Security Lapses

Despite the trader’s immediate report of the suspicious activities, Binance allegedly failed to halt the unauthorized transactions in a timely manner. The platform did not freeze the funds associated with the hacker’s account promptly, allowing the manipulation to continue for over an hour.

Investigations revealed that Binance was already aware of the Aggr plugin’s malicious nature and was conducting an internal investigation. However, the trader claims that Binance did not adequately warn its users about the potential risks, nor did it implement preventative measures to block the plugin’s activities.

Impact and Implications

The affected trader lost their life savings due to this security breach, highlighting significant vulnerabilities in the current security frameworks used by crypto exchanges and the dangers posed by third-party browser extensions.

This incident underscores the need for enhanced security protocols on cryptocurrency trading platforms, particularly in terms of real-time risk detection and response strategies. It also calls into question the responsibility of exchanges to inform and protect their users proactively.

The hacking incident involving the Aggr Chrome plugin serves as a critical reminder of the sophisticated methods employed by cybercriminals in the cryptocurrency space. As digital assets continue to gain popularity, both users and platforms must prioritize advanced security solutions to safeguard against such invasive threats.

Date of IncidentMay 24
Nature of AttackUse of malicious Chrome plugin (Aggr)
Total LossApprox. $1 million
Method of AttackTheft of browser cookies for session hijacking
Binance’s Initial ResponseDelayed action and lack of timely intervention
Investigative FindingsBinance was previously aware of the plugin’s risks

Featured image credit: Freepik

Dayne Lee

With a foundation in financial day trading, I transitioned to my current role as an editor, where I prioritize accuracy and reader engagement in our content. I excel in collaborating with writers to ensure top-quality news coverage. This shift from finance to journalism has been both challenging and rewarding, driving my commitment to editorial excellence.

Leave a Reply

Your email address will not be published. Required fields are marked *