The plugin allowed the attacker to take over Nakamao's Binance session by harvesting his browser cookies, bypassing the need for a password or two-factor authentication.
Reportedly, a Chinese user of the crypto exchange Binance has lost crypto holdings worth an astounding $1 million from his Binance account in a recent development of crypto theft.
The Chinese user Nakamao claimed that his entire cryptocurrency account was emptied by an undercover agent operating within the crypto circle.
Binance User Loses Funds to Counter Trading
Nakamao asserted that his Binance account was protected by every requisite security measure.
Moreover, according to the user, the intruder successfully drained all funds through “counter-trading” despite lacking the password and two-factor authentication (2FA) for Nakamao’s account.
Nakamao identified anomalous trading activity in his account on May 24.
Using the stolen web session cookies, the attacker manipulated the account by executing large trades in a high-liquidity USDT trading pair while placing limit sell orders at inflated prices in pairs with scarce liquidity.
This approach let the attacker extract a substantial profit while evading Binance's security notifications.
Despite prompt attempts to reach Binance customer service, the intruder kept accessing Nakamao's account and ultimately withdrew all of the funds.
Nakamao lamented Binance’s inadequate risk management protocols and sluggish response, which enabled the intruder to execute conspicuous arbitrage transactions undetected.
A malicious Chrome plugin known as Aggr facilitated the breach, according to additional investigation.
Nakamao installed the plugin on the recommendation of an international influencer (KOL). The plugin gave the attacker access to his cookies, which were then used to hijack his active sessions.
This technique let the intruder access the account without needing the password or the second factor.
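The two warning signs in this incident are a session cookie suddenly used from a different client and limit sell orders priced far above the market in thin pairs. The detection logic below is an added illustration, not Binance's code; the event fields, thresholds and sample events are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class OrderEvent:
    session_id: str
    ip: str
    user_agent: str
    pair: str
    side: str          # "BUY" or "SELL"
    order_type: str    # "MARKET" or "LIMIT"
    price: float       # limit price (or fill price)
    mid_price: float   # market mid price at order time
    pair_24h_volume_usdt: float

# Constructed thresholds (assumptions, not exchange values).
THIN_PAIR_VOLUME = 1_000_000.0  # below this, treat the pair as illiquid
INFLATION_RATIO = 1.10          # limit sell more than 10% above mid

def detect_session_hijack_signals(events):
    """Return (event index, reason) alerts for two signals:
    1. a session cookie reused from a client (IP/UA) other than the one
       it was first seen on, which is what stolen cookies look like;
    2. a limit sell priced far above mid in an illiquid pair, the
       counter-trading pattern used to siphon value out of the account."""
    alerts = []
    origin = {}  # session_id -> (ip, user_agent) on first sighting
    for i, ev in enumerate(events):
        first = origin.setdefault(ev.session_id, (ev.ip, ev.user_agent))
        if (ev.ip, ev.user_agent) != first:
            alerts.append((i, "session reused from new client"))
        if (ev.side == "SELL" and ev.order_type == "LIMIT"
                and ev.pair_24h_volume_usdt < THIN_PAIR_VOLUME
                and ev.price > ev.mid_price * INFLATION_RATIO):
            alerts.append((i, "inflated limit sell in thin pair"))
    return alerts

# Constructed sample: the legitimate user, then the same cookie from elsewhere.
SAMPLE_EVENTS = [
    OrderEvent("sess-A", "203.0.113.10", "Chrome/124", "BTCUSDT", "BUY", "MARKET", 67000.0, 67000.0, 2.0e9),
    OrderEvent("sess-A", "203.0.113.10", "Chrome/124", "ETHUSDT", "BUY", "LIMIT", 3500.0, 3510.0, 1.0e9),
    OrderEvent("sess-A", "198.51.100.7", "Chrome/120", "BTCUSDT", "BUY", "MARKET", 67100.0, 67100.0, 2.0e9),
    OrderEvent("sess-A", "198.51.100.7", "Chrome/120", "XYZUSDT", "SELL", "LIMIT", 1.50, 1.00, 50000.0),
]

if __name__ == "__main__":
    for idx, reason in detect_session_hijack_signals(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```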
Furthermore, this is among the first known cases in which a criminal stole funds using a Chrome plugin alone.
It was discovered that funds were misappropriated from the Binance account of an international community member on March 1 of this year using the same plugin.
As a result, Nakamao emphasized the risks linked to the utilization of Chrome Web extensions.
Security Flaws
According to Nakamao, Binance had been aware of the malicious plugin and the hacker's activities for weeks before his incident.
However, Binance did not promptly warn users or stop the plugin from spreading.
Nakamao observed that despite the hacker’s obvious arbitrage transactions, Binance failed to implement adequate risk control measures to identify and avert the theft.
He further stated that it was impossible to recover stolen assets because Binance failed to contact other platforms in time to block the hacker’s funds.
In light of this, Nakamao has urged the exchange to implement more stringent security measures.