By stealing users’ cookies, the promotional plugin allows hackers to access the victim’s Binance account without requiring a password or two-factor authentication.
Stay in the know on crypto by frequently visiting Crypto News Today
A hacking scam utilizing the promotional Aggr Google Chrome plugin cost a Chinese trader $1 million. Users’ cookies are stolen by the promotional plugin, which hackers then use to access the victim’s Binance account by avoiding password and two-factor authentication (2FA) verification.
CryptoCaster Quick Check:
A trader shared their story of losing their life savings to an unforeseen scam on X. The trader, who goes by the X username CryptoNakamao, claimed that they were unaware of their account’s arbitrary trading until they opened the Binance app to check the Bitcoin on May 24.
The hacker had taken all of the money out by the time he went to Binance for help.
Hacker stole cookie data for cross-trading on Binance.
The trader stated that the hackers had obtained his browser’s cookie information by using the Aggr Chrome plugin. After installing the plugin in order to access notable trader data, the trader discovered that malicious software had been developed to steal cookies and browsing history from users.
The hacker then carried out numerous leveraged trades to drive up the price of low liquidity pairs and profit from them by using the cookies he had collected to take over active user sessions without a password or authentication.
The trader clarified that despite 2FA preventing direct fund withdrawals, the hacker was still able to profit from cross-trading by using cookies and active login sessions.
According to the trader, the hacker purchased multiple tokens in the highly liquid Tether USDT trading pair and put limit sell orders in other trading pairs with limited liquidity, such as Bitcoin, USD Coin, and others, that were higher than the market price.
Ultimately, the hacker initiated leveraged positions, made a sizable excess purchase, and finished the cross-trading. When buy and sell orders for the same asset are offset without the trade being recorded on the exchange, this is known as a cross trade.
Trader blames Binance
The trader alleges that even with abnormally high trading activity, Binance failed to put in place necessary security measures. Moreover, they added, the exchange did not act to halt it even after receiving timely complaints.
The trader found out during their investigation that Binance had already started an internal investigation and had been aware of the fraudulent plugin for some time. The trader claimed that even though Binance was aware of the hacker’s address and the specifics of the plugin scam, it did not notify the traders or take any action to stop the fraud. The merchant penned:
“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform on time.”
CryptoCaster™ steadfastly upholds its dedication to keeping our global audience well-informed about the ongoing adoption of blockchain technology, as well as the latest hurdles emerging from government-controlled fiat financial systems, banking conglomerates, and other major institutional entities. Our commitment extends to providing comprehensive updates and insights into how these developments affect the broader landscape of digital currencies, the potential regulatory impacts on blockchain innovations, and the evolving dynamics between traditional financial institutions and emerging cryptocurrency markets. By staying at the forefront of these critical issues, CryptoCaster™ aims to empower our audience with the knowledge needed to navigate the complex interplay of technology, regulation, and finance in the modern world.
W
e hope you enjoyed this article. Before you move on, we invite you to consider supporting CryptoCaster’s journalism.
Billionaire owners like Elon Musk, Larry Fink (BlackRock), and Jamie Dimon (JP Morgan Chase) often have a strong influence on the hidden agendas surrounding the paradigm shift brought about by cryptocurrency and emerging Web3 technologies. CryptoCaster stands apart. We have no billionaire owner or shareholders to please. Our journalism is dedicated to serving the public interest in crypto development and institutional disruptions, not profit motives.
We avoid the pitfall of much U.S. and global media, which often resorts to false equivalence in the name of neutrality and retail consumer protection. While fairness and transparency guide everything we do, we recognize that there is a right and wrong stance in the fight against fiat global banking interests and the monetary reconstruction driven by the emerging crypto ecology.
When we report on issues like the FTX, Binance, and Ripple crises, we’re not afraid to name names and uncover the truth. As a crypto sentinel, we offer a fresh, outsider perspective on global monetary disruption—something often missing from the insular American and European media bubble.
CryptoCaster’s paywall-free journalism is accessible worldwide thanks to our unique reader-supported model. This is made possible by readers like you. Your support keeps us independent, free from outside influence, and accessible to everyone, regardless of their ability to pay for news and information.
We are grateful for the ongoing monetary support from our readers. If you haven’t yet considered supporting CryptoCaster, please consider contributing just once from $1 or more in Bitcoin (satoshi) or Ether, or even better, support us monthly with a bit more. Scroll further down this page to find CryptoCaster’s wallet addresses.
Thank you.
Kristin Steinbeck
Editor, CryptoCaster
Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
SOL – DLvdMu85dW6pZMhw2E4S3pp81qQQGpy5UcdTsFEFBu4b
LITECOIN – ltc1qxsgp5fykl0007hnwgl93zr9vngwd2jxwlddvqt
CRYPTOCASTER HEATMAP