Tuesday , 24 December 2024
Home Kripto Hackers Use Chrome Extension to Extract Millions from Binance Users
Kripto

Hackers Use Chrome Extension to Extract Millions from Binance Users

Hackers Use Chrome Extension to Extract Millions from Binance Users

A recent cybersecurity incident involving a deceptive Google Chrome plugin named Aggr has led to significant financial losses for a Chinese trader and potentially others. This plugin, masquerading as a tool for accessing trading data, facilitated unauthorized access to Binance accounts by exploiting stolen browser cookies.

On May 24, a trader, known as CryptoNakamao on X, noticed unauthorized trading activity on their Binance account. The suspicious activities came to light only after the trader checked the Bitcoin price through the Binance app. By then, the hacker had already siphoned off funds amounting to approximately $1 million.

The Aggr Chrome plugin covertly stole web browser cookies, allowing the hackers to bypass both password and two-factor authentication (2FA) systems. These cookies were used to hijack active user sessions on Binance, enabling the perpetrators to conduct transactions without needing to log in conventionally.

Analysis of the Hack

The attackers utilized the stolen cookies to manipulate the market through leveraged trades on low liquidity cryptocurrency pairs. This method allowed them to artificially inflate prices and execute profitable trades at the expense of the compromised accounts.

The culprits engaged in cross-trading—where buy and sell orders for the same asset are offset without being recorded on the exchange—by purchasing various tokens against Tether and placing limit sell orders at prices above the market rate in other less liquid trading pairs.

Binance’s Response and Security Lapses

Despite the trader’s immediate report of the suspicious activities, Binance allegedly failed to halt the unauthorized transactions in a timely manner. The platform did not freeze the funds associated with the hacker’s account promptly, allowing the manipulation to continue for over an hour.

Investigations revealed that Binance was already aware of the Aggr plugin’s malicious nature and was conducting an internal investigation. However, the trader claims that Binance did not adequately warn its users about the potential risks, nor did it implement preventative measures to block the plugin’s activities.

Impact and Implications

The affected trader lost their life savings due to this security breach, highlighting significant vulnerabilities in the current security frameworks used by crypto exchanges and the dangers posed by third-party browser extensions.

This incident underscores the need for enhanced security protocols on cryptocurrency trading platforms, particularly in terms of real-time risk detection and response strategies. It also calls into question the responsibility of exchanges to inform and protect their users proactively.

The hacking incident involving the Aggr Chrome plugin serves as a critical reminder of the sophisticated methods employed by cybercriminals in the cryptocurrency space. As digital assets continue to gain popularity, both users and platforms must prioritize advanced security solutions to safeguard against such invasive threats.

Aspect Detail
Date of Incident May 24
Nature of Attack Use of malicious Chrome plugin (Aggr)
Total Loss Approx. $1 million
Method of Attack Theft of browser cookies for session hijacking
Binance’s Initial Response Delayed action and lack of timely intervention
Investigative Findings Binance was previously aware of the plugin’s risks

Related Articles

SK Hynix Secures 8 Million Grant for US Semiconductor Project
Kripto

SK Hynix Secures $458 Million Grant for US Semiconductor Project

The U.S. Commerce Department announced on Thursday it has finalized an award...

SpaceX Secures Approval for Seventh Starship Launch
Kripto

SpaceX Secures Approval for Seventh Starship Launch

SpaceX has secured regulatory approval for its seventh Starship launch, marking another...

Chainalysis Expands Into Web3 Security With Hexagate Acquisition
Kripto

Chainalysis Expands Into Web3 Security With Hexagate Acquisition

On December 19, blockchain analytics giant Chainalysis announced its strategic acquisition of...

Shein Agrees to Local Data and Control Rules for India Comeback
Kripto

Shein Agrees to Local Data and Control Rules for India Comeback

Shein, the Chinese fashion retailer, must hand over Indian customer data and...