By stealing users’ cookies, the promotional plugin allows hackers to access the victim’s Binance account without requiring a password or two-factor authentication.
Stay in the know on crypto by frequently visiting Crypto News Today
A hacking scam utilizing the promotional Aggr Google Chrome plugin cost a Chinese trader $1 million. Users’ cookies are stolen by the promotional plugin, which hackers then use to access the victim’s Binance account by avoiding password and two-factor authentication (2FA) verification.
CryptoCaster Quick Check:
A trader shared their story of losing their life savings to an unforeseen scam on X. The trader, who goes by the X username CryptoNakamao, claimed that they were unaware of their account’s arbitrary trading until they opened the Binance app to check the Bitcoin on May 24.
The hacker had taken all of the money out by the time he went to Binance for help.
Hacker stole cookie data for cross-trading on Binance.
The trader stated that the hackers had obtained his browser’s cookie information by using the Aggr Chrome plugin. After installing the plugin in order to access notable trader data, the trader discovered that malicious software had been developed to steal cookies and browsing history from users.
The hacker then carried out numerous leveraged trades to drive up the price of low liquidity pairs and profit from them by using the cookies he had collected to take over active user sessions without a password or authentication.
The trader clarified that despite 2FA preventing direct fund withdrawals, the hacker was still able to profit from cross-trading by using cookies and active login sessions.
According to the trader, the hacker purchased multiple tokens in the highly liquid Tether USDT trading pair and put limit sell orders in other trading pairs with limited liquidity, such as Bitcoin, USD Coin, and others, that were higher than the market price.
Ultimately, the hacker initiated leveraged positions, made a sizable excess purchase, and finished the cross-trading. When buy and sell orders for the same asset are offset without the trade being recorded on the exchange, this is known as a cross trade.
Trader blames Binance
The trader alleges that even with abnormally high trading activity, Binance failed to put in place necessary security measures. Moreover, they added, the exchange did not act to halt it even after receiving timely complaints.
The trader found out during their investigation that Binance had already started an internal investigation and had been aware of the fraudulent plugin for some time. The trader claimed that even though Binance was aware of the hacker’s address and the specifics of the plugin scam, it did not notify the traders or take any action to stop the fraud. The merchant penned:
“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform on time.”
CryptoCaster™ steadfastly upholds its dedication to keeping our global audience well-informed about the ongoing adoption of blockchain technology, as well as the latest hurdles emerging from government-controlled fiat financial systems, banking conglomerates, and other major institutional entities. Our commitment extends to providing comprehensive updates and insights into how these developments affect the broader landscape of digital currencies, the potential regulatory impacts on blockchain innovations, and the evolving dynamics between traditional financial institutions and emerging cryptocurrency markets. By staying at the forefront of these critical issues, CryptoCaster™ aims to empower our audience with the knowledge needed to navigate the complex interplay of technology, regulation, and finance in the modern world. 
If this article brought you clarity, insight, or value—support the work that made it possible.
At CryptoCaster, we report on Web3, crypto markets, and institutional finance with no billionaire owners, no shareholders, and no hidden agenda. While mainstream media bends toward Elon Musk, BlackRock, and JPMorgan narratives, we stay focused on what matters: truth, transparency, and the public interest.
We don’t just cover the headlines—we investigate the power structures behind them. From FTX and Ripple to the quiet push for CBDCs, we bring fearless reporting that isn’t filtered by corporate interests.
CryptoCaster is 100% paywall-free. Always has been. To keep it that way, we depend on readers like you.
If you believe independent crypto journalism matters, please contribute—starting at just $1 in Bitcoin or Ether. Wallet addresses are below.
Your support keeps us free, bold, and accountable to no one but you.
Thank you,
Kristin Steinbeck
Editor, CryptoCaster
Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
CRYPTOCASTER HEATMAP
