By stealing users’ cookies, the promotional plugin allows hackers to access the victim’s Binance account without requiring a password or two-factor authentication.
Stay in the know on crypto by frequently visiting Crypto News Today
A hacking scam utilizing the promotional Aggr Google Chrome plugin cost a Chinese trader $1 million. Users’ cookies are stolen by the promotional plugin, which hackers then use to access the victim’s Binance account by avoiding password and two-factor authentication (2FA) verification.
CryptoCaster Quick Check:
A trader shared their story of losing their life savings to an unforeseen scam on X. The trader, who goes by the X username CryptoNakamao, claimed that they were unaware of their account’s arbitrary trading until they opened the Binance app to check the Bitcoin on May 24.
The hacker had taken all of the money out by the time he went to Binance for help.
Hacker stole cookie data for cross-trading on Binance.
The trader stated that the hackers had obtained his browser’s cookie information by using the Aggr Chrome plugin. After installing the plugin in order to access notable trader data, the trader discovered that malicious software had been developed to steal cookies and browsing history from users.
The hacker then carried out numerous leveraged trades to drive up the price of low liquidity pairs and profit from them by using the cookies he had collected to take over active user sessions without a password or authentication.
The trader clarified that despite 2FA preventing direct fund withdrawals, the hacker was still able to profit from cross-trading by using cookies and active login sessions.
According to the trader, the hacker purchased multiple tokens in the highly liquid Tether USDT trading pair and put limit sell orders in other trading pairs with limited liquidity, such as Bitcoin, USD Coin, and others, that were higher than the market price.
Ultimately, the hacker initiated leveraged positions, made a sizable excess purchase, and finished the cross-trading. When buy and sell orders for the same asset are offset without the trade being recorded on the exchange, this is known as a cross trade.
Trader blames Binance
The trader alleges that even with abnormally high trading activity, Binance failed to put in place necessary security measures. Moreover, they added, the exchange did not act to halt it even after receiving timely complaints.
The trader found out during their investigation that Binance had already started an internal investigation and had been aware of the fraudulent plugin for some time. The trader claimed that even though Binance was aware of the hacker’s address and the specifics of the plugin scam, it did not notify the traders or take any action to stop the fraud. The merchant penned:
“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account in the platform on time.”
CryptoCaster™ steadfastly upholds its dedication to keeping our global audience well-informed about the ongoing adoption of blockchain technology, as well as the latest hurdles emerging from government-controlled fiat financial systems, banking conglomerates, and other major institutional entities. Our commitment extends to providing comprehensive updates and insights into how these developments affect the broader landscape of digital currencies, the potential regulatory impacts on blockchain innovations, and the evolving dynamics between traditional financial institutions and emerging cryptocurrency markets. By staying at the forefront of these critical issues, CryptoCaster™ aims to empower our audience with the knowledge needed to navigate the complex interplay of technology, regulation, and finance in the modern world.
We hope you found this article insightful. Before you go, please consider supporting CryptoCaster’s independent journalism.
In the world of media owned by billionaires like Elon Musk, Larry Fink (BlackRock), and Jamie Dimon (JP Morgan Chase), influence over narratives surrounding cryptocurrency and Web3 often reflects their interests. CryptoCaster is different. With no billionaire backers or shareholder obligations, we are committed solely to public interest journalism, covering crypto advancements and institutional changes without profit-driven motives.
Unlike much of mainstream media, which can fall into neutrality traps that obscure the real impacts on retail investors, we’re guided by transparency and integrity. We are unafraid to take a stand in the ongoing struggle against fiat banking dominance and in support of the monetary innovation driven by crypto and Web3. Reporting on issues like FTX, Binance, and Ripple, we bring a bold, unfiltered outsider’s view on global financial disruption—free from the constraints of traditional media narratives.
CryptoCaster remains paywall-free, accessible to everyone, thanks to the support of readers like you. Your contributions keep us independent and help ensure that critical information on the crypto landscape reaches all. If you value our work, please consider supporting us with a one-time contribution starting at just $1 in Bitcoin or Ether, or even monthly if you’re able. Scroll down to find our wallet addresses and help keep CryptoCaster independent and thriving.
Thank you for your support,
Kristin Steinbeck
Editor, CryptoCaster
Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
CRYPTOCASTER HEATMAP