Tuesday , 24 December 2024
Home Kripto Hackers Use Chrome Extension to Extract Millions from Binance Users
Kripto

Hackers Use Chrome Extension to Extract Millions from Binance Users

Hackers Use Chrome Extension to Extract Millions from Binance Users

A recent cybersecurity incident involving a deceptive Google Chrome plugin named Aggr has led to significant financial losses for a Chinese trader and potentially others. This plugin, masquerading as a tool for accessing trading data, facilitated unauthorized access to Binance accounts by exploiting stolen browser cookies.

On May 24, a trader, known as CryptoNakamao on X, noticed unauthorized trading activity on their Binance account. The suspicious activities came to light only after the trader checked the Bitcoin price through the Binance app. By then, the hacker had already siphoned off funds amounting to approximately $1 million.

The Aggr Chrome plugin covertly stole web browser cookies, allowing the hackers to bypass both password and two-factor authentication (2FA) systems. These cookies were used to hijack active user sessions on Binance, enabling the perpetrators to conduct transactions without needing to log in conventionally.

Analysis of the Hack

The attackers utilized the stolen cookies to manipulate the market through leveraged trades on low liquidity cryptocurrency pairs. This method allowed them to artificially inflate prices and execute profitable trades at the expense of the compromised accounts.

The culprits engaged in cross-trading—where buy and sell orders for the same asset are offset without being recorded on the exchange—by purchasing various tokens against Tether and placing limit sell orders at prices above the market rate in other less liquid trading pairs.

Binance’s Response and Security Lapses

Despite the trader’s immediate report of the suspicious activities, Binance allegedly failed to halt the unauthorized transactions in a timely manner. The platform did not freeze the funds associated with the hacker’s account promptly, allowing the manipulation to continue for over an hour.

Investigations revealed that Binance was already aware of the Aggr plugin’s malicious nature and was conducting an internal investigation. However, the trader claims that Binance did not adequately warn its users about the potential risks, nor did it implement preventative measures to block the plugin’s activities.

Impact and Implications

The affected trader lost their life savings due to this security breach, highlighting significant vulnerabilities in the current security frameworks used by crypto exchanges and the dangers posed by third-party browser extensions.

This incident underscores the need for enhanced security protocols on cryptocurrency trading platforms, particularly in terms of real-time risk detection and response strategies. It also calls into question the responsibility of exchanges to inform and protect their users proactively.

The hacking incident involving the Aggr Chrome plugin serves as a critical reminder of the sophisticated methods employed by cybercriminals in the cryptocurrency space. As digital assets continue to gain popularity, both users and platforms must prioritize advanced security solutions to safeguard against such invasive threats.

Aspect Detail
Date of Incident May 24
Nature of Attack Use of malicious Chrome plugin (Aggr)
Total Loss Approx. $1 million
Method of Attack Theft of browser cookies for session hijacking
Binance’s Initial Response Delayed action and lack of timely intervention
Investigative Findings Binance was previously aware of the plugin’s risks

Related Articles

Botswana Central Bank Flags ‘Minimal’ Crypto Risks but Calls for Regulation
Kripto

Botswana Central Bank Flags ‘Minimal’ Crypto Risks but Calls for Regulation

Botswana’s central bank has acknowledged that the country’s local cryptocurrency market remains...

Google Responds to DOJ with Plan for Search Monopoly Fixes
Kripto

Google Responds to DOJ with Plan for Search Monopoly Fixes

Google has proposed alternative remedies to address its antitrust violations, responding to...

Amazon to Introduce Ergonomic Improvements Across US Facilities
Kripto

Amazon to Introduce Ergonomic Improvements Across US Facilities

Amazon has agreed to adopt new safety measures across all U.S. facilities...

Crypto Event Attendees’ Personal Data Being Sold, Raising Privacy and Phishing Concerns
Kripto

Crypto Event Attendees’ Personal Data Being Sold, Raising Privacy and Phishing Concerns

Sensitive personal data from attendees of crypto industry events is being sold...