Monday, June 3, 2024
Binance user lost 1 million USD due to Chrome Aggr plugin, you could also be the next victim

Your Binance account may be compromised if you installed the Google Aggr plugin promoted by a KOL. A Chinese user who used the plugin had $1 million stolen through cross-trading on May 24, and another Binance user had funds stolen on March 1. The attacker hijacked the victim’s session cookies, which allowed logging in to the victim’s Binance account without the password or 2FA verification code.

Below is a translation from Chinese of the victim’s post on X:

“I became a victim of an attack from an undercover attacker in the crypto world, $1 million was stolen from my Binance account. I’m still shocked now, this is almost all the money I’ve accumulated over the years.

Hackers took all the funds in my account through cross-transaction without needing my Binance account password or 2FA verification code. After an investigation with the security company, I discovered something even more shocking: I had become the victim of an undercover agent in the cryptocurrency world. The whole incident is so strange, today I write this story to warn people not to fall into my footsteps. I never thought my assets would be wiped out this way. This is a warning to crypto investors, don’t be the next me!

On May 24, a normal Friday, I had just finished work and was on my way home, with both my computer and phone next to me. Meanwhile, my account was going through crazy transactions that I was completely unaware of.

QTUM/BTC was up 21% due to my account’s purchases, DASH/BTC was up 27%, PYR/BTC was up 31%, ENA/USDC was up 22%, and NEO/USDC was up 20%. I only discovered these transactions when I habitually opened Binance to look at the BTC price an hour and a half later.

The security company later told me that hackers had hijacked my cookies and manipulated my Binance account. Hackers bought tokens in trading pairs with high liquidity such as USDT, and placed sell orders at prices higher than the market in trading pairs with low liquidity such as BTC, USDC. Finally, they used my account to perform leveraged trading, buying in large quantities to complete the cross trade.

During this process, I did not receive any security warnings from Binance. It’s funny that the next day I received an email inviting me to be a market maker because the trading volume was so large. Even if my account was stolen, no warnings or freezes were made, nor were the hacker’s assets restricted. This makes me extremely confused.

After realizing my account was stolen, I immediately contacted customer service, but in the process, the hacker was still manipulating my account. The hacker should have kept the funds in the platform, but the response from Binance was that the hacker withdrew the entire amount without any problem. What’s more confusing is that the hacker only used one account and made such clear cross transactions. This makes me lose faith in Binance’s control system.

After the incident happened, I not only notified Binance customer service but also messaged a representative on Telegram. That representative was very dedicated and immediately gave my UID to the security team. But even with this representative’s supervision, it took Binance staff more than a day to notify Kucoin and Gate to freeze the money the hacker had transferred. Needless to say, the hacker had transferred that money out a long time ago (verified). Freezing now is pointless.

Throughout the process, Binance staff’s response was very slow, not helping users get any funds back. I am a loyal user of Binance, having traded on the platform for many years; this is really disappointing. Is this really helping users get their stolen money back?

When I saw that the blocking on the exchange had completely failed, I sought the help of a security company to see if I could identify the hacker. First, I had to clarify the first question: while my computer and phone were both nearby, there weren’t any logins from new devices or remote-login warnings from Binance, so how was the hacker manipulating my account?

Finally, the security company and I determined that the main cause was a Chrome plugin called Aggr. This is a plugin of a data website with a long history, promoted by many KOLs and some Telegram channels. I saw this plugin had been recommended for several months so I downloaded it to try and see the data.

Currently, there have not been many cases in the Chinese cryptocurrency community of malicious Chrome plugins causing serious losses. I may be the first. Remember, Chrome plugins are just as dangerous as downloading malicious apps. Don’t download and use Chrome plugins arbitrarily! To warn everyone, I can list the most extreme situation: the Chrome plugin you often use can even install malicious code during an update.

The way this malicious plugin works is: if you install and use this plugin, hackers can collect your cookies and transfer them to their servers. Hackers can use cookies to hijack a user’s session (impersonate a user), thereby eliminating the need for a password or 2FA to control your account.

In my case, because my information was stored in 1Password, the hacker could not bypass 2FA to withdraw my assets. But they could use my cookies to take over my account and perform cross transactions for profit.

So I went to the KOL who promoted it, to determine whether he was an accomplice of the hacker or not. Otherwise, he must immediately notify all his users to stop using this plugin to avoid greater losses. But when I contacted him, I discovered an even more horrifying story.

It turns out that Binance has known about this plugin for a long time and even encouraged this KOL to continue collaborating with the hacker to gather more information. And I was stoked as soon as this plugin was promoted more aggressively. Binance at least tracked down the hacker’s address 3-4 weeks ago and got the plugin’s name and link from this KOL. But because I wanted to continue searching for hackers without causing trouble, Binance did not notify me in time to stop using this plugin, and I became a victim.

The theft of a Binance account on March 1 by a member of the foreign community was also due to this plugin. At that time, Binance CEO Richard Teng responded saying, “Binance’s security team is actively investigating to find the root cause of the issue.” So, I don’t want and can’t believe that the Binance team has spent nearly 3 months and still hasn’t figured out the problem with this plugin.

In other words, no matter what, this plugin issue could have been announced and spread weeks before Alpha Tree made the issue public in the crypto community.

Looking back at the whole thing, if the hacker had simply withdrawn the money, I would have had nothing to say. But the fact that hackers performed free cross-transactions on Binance and Binance’s subsequent handling is unacceptable to me, not to mention that Binance has been investigating this hacker and plugin for a long time.

The timeline will look like this:

1. Binance knew about the hacker and this plugin several weeks ago but did nothing to stop or warn, allowing the situation to continue and cause greater losses.
2. Binance was aware of frequent thefts and cross-trades but took no action. Hackers manipulated my account for over an hour, causing extreme transactions without any control.
3. Binance did not promptly freeze the hacker’s only account on the platform.
4. After a day, Binance contacted the relevant platforms to freeze the hacker’s funds.

I have a lot of respect for the Binance representative and CEO, and the fact that the representative responded immediately, providing assistance to me. At this level, I have to thank the agent. This story should have been the story of Binance helping users recover stolen assets, and I should have written a thank you letter to Binance employees today. But the reality is, Binance staff completely disappointed me.

In the past, I always saw Binance’s articles about security. Every year Binance emphasizes security issues in its reports, which made me very confident. I have held many assets in stablecoins on Binance because of this trust. But when it comes to risks, Binance’s actions make me feel strange. I can’t believe the flowery words and huge numbers anymore.

I wrote this story partly because I felt confused and helpless after my funds were stolen. The other part is to warn everyone about security issues: don’t fall into my footsteps. As cryptocurrencies become more widely known, the asset safety and personal safety of every participant deserve attention.

Not your key, not your coin.”
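The post above explains that the plugin could read the victim’s cookies and ship them to the attacker’s server, and that a stolen session cookie is enough to act as the logged-in user without password or 2FA. The practical defensive question is therefore: which of my installed extensions are even able to do that? An extension can only read cookies or authenticated traffic if its manifest asks for permissions such as `cookies` or `webRequest` together with broad host access such as `<all_urls>`. The script below is an added example written for this page; it is not code from the original post, from Binance, or from the Aggr plugin. It reviews a Chrome extension `manifest.json` (Manifest V2 or V3) and grades how much session-stealing capability the extension has requested. The two manifests embedded at the bottom are constructed samples, not the real extension’s manifest; the permission names themselves are real Chrome manifest permissions, while the risk descriptions and the high/medium/low grading are my own.

```python
import json
from pathlib import Path

# Real Chrome manifest permission names that give an extension reach into
# session cookies or authenticated traffic. The one-line descriptions are
# the author's summary for this example, not text from Chrome's docs.
SENSITIVE_PERMISSIONS = {
    "cookies": "read/write cookies on every host the extension has host access to",
    "webRequest": "observe request and response headers, including Set-Cookie",
    "webRequestBlocking": "modify or block requests before they are sent",
    "declarativeNetRequest": "rewrite request/response headers by rule",
    "scripting": "inject scripts into pages the extension has host access to",
    "tabs": "read the URL and title of every open tab",
}

# Host patterns that grant access to every site, including exchange domains.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest: dict) -> set[str]:
    """Collect host patterns from Manifest V2 ("permissions") and V3 ("host_permissions")."""
    candidates = (
        list(manifest.get("host_permissions", []))
        + list(manifest.get("optional_host_permissions", []))
        + list(manifest.get("permissions", []))
    )
    return {p for p in candidates if p == "<all_urls>" or "://" in p}


def review_manifest(manifest: dict) -> dict:
    """Summarise which sensitive permissions are requested, whether host access
    is broad, and an overall verdict (low / medium / high)."""
    requested = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    sensitive = {p: SENSITIVE_PERMISSIONS[p] for p in sorted(requested & set(SENSITIVE_PERMISSIONS))}
    hosts = host_patterns(manifest)
    broad = bool(hosts & BROAD_HOST_PATTERNS)

    # Reading cookies directly, or lifting them from response headers, on all
    # hosts is exactly the capability needed to copy a logged-in session.
    can_read_cookies = bool({"cookies", "webRequest"} & requested)
    if can_read_cookies and broad:
        verdict = "high"
    elif sensitive or broad:
        verdict = "medium"
    else:
        verdict = "low"
    return {
        "sensitive": sensitive,
        "hosts": sorted(hosts),
        "broad_host_access": broad,
        "verdict": verdict,
    }


def review_manifest_file(path: str) -> dict:
    """Load an unpacked extension's manifest.json from disk and review it."""
    return review_manifest(json.loads(Path(path).read_text(encoding="utf-8")))


# Constructed sample manifests for demonstration (not the real extension's files).
RISKY_MANIFEST = {
    "manifest_version": 3,
    "name": "price-dashboard (constructed sample)",
    "permissions": ["cookies", "storage", "tabs"],
    "host_permissions": ["<all_urls>"],
    "background": {"service_worker": "bg.js"},
}
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "price-dashboard (constructed sample)",
    "permissions": ["storage"],
    "host_permissions": ["https://api.example.com/*"],
}

if __name__ == "__main__":
    for manifest in (RISKY_MANIFEST, BENIGN_MANIFEST):
        print(manifest["name"], json.dumps(review_manifest(manifest), indent=2))
```

On a real machine, point `review_manifest_file` at each `manifest.json` under the browser profile’s `Extensions` directory (every installed extension keeps one there). A "high" verdict does not prove an extension is malicious, and a "low" verdict does not prove it is safe (the post notes that malicious code can also arrive in a later update), but it does show which extensions are in a position to copy an exchange session, and those are the ones that deserve scrutiny before being allowed to stay installed on a machine used for trading.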

