A Chinese customer of the cryptocurrency exchange Binance is said to have lost an incredible $1 million worth of cryptocurrency holdings in his Binance account due to recent developments in cryptocurrency theft. According to the Chinese user Nakamao, an undercover agent working within the cryptocurrency community drained all of the money in his account.
Funds Lost by Binance User Due to Counter Trading
Nakamao said all required security procedures were in place for his Binance account. The user further mentioned that the hacker used “counter-trading” to drain all the funds despite not having the Nakamao account password or two-factor authentication (2FA).
Nakamao noticed strange trading activity in his account on May 24. The cryptocurrency hacker manipulated his account by taking control of his site cookies, making massive trades in the highly liquid USDT trading pair, and placing limit sell orders at inflated prices in pairs with low liquidity. Using this technique, the hacker made a sizable profit without raising any red flags with exchange regarding security.
The hacker proceeded to access Nakamao’s account and eventually took out all of the money without detection, even though they tried to contact Binance customer support right away. Nakamao bemoaned Binance’s inaction and inability to implement strong risk management procedures, which allowed the hacker’s blatantly obvious arbitrage operations to proceed unabated.
Subsequent analysis showed that the Aggr malicious Chrome extension was responsible for the incident. Nakamao purchased this plugin on the advice of a foreign influencer, KOL, and it gave the hacker access to gather and use his cookies to take over ongoing user sessions. By avoiding 2FA and password requirements, this technique gave the hacker access to the account.
Furthermore, this is among the first cases in which a hacker can obtain money solely by using a Chrome extension. It turns out that the identical plugin was used to steal money from a foreign community member’s Binance account on March 1 of this year. Thus, Nakamao emphasized the risks involved with utilizing Chrome Web plugins.
Security Violations
Nakamao said that weeks before Nakamao’s incident, exchange was aware of the harmful plugin and the hacker’s activity. Nevertheless, Binance did not stop promoting the plugin or provide a warning to users right away.
Nakamao pointed out that despite the hacker’s obvious arbitrage trades, Binance failed to implement adequate risk control procedures to identify and stop theft. He continued by saying that Binance lost out on chances to retrieve pilfered assets because it was tardy in notifying other platforms to freeze the hacker’s funds. Nakamao has thus insisted that the exchange implement stronger security measures.
