Chinese trader loses $1 million in Binance hacking scam

abdelaziz Fathi

A Chinese trader lost $1 million after falling victim to a hacking scam involving a promotional Google Chrome plugin called Aggr.

Binance spectacle

The plugin reportedly stole cookies from users, enabling hackers to bypass password and two-factor authentication (2FA) verification to access the victim’s Binance account.

The trader, who uses the handle CryptoNakamao on social media platform X, recounted the incident, which occurred on May 24. He noticed unusual trading activity in his Binance account after checking the Bitcoin price on the Binance app. By the time he sought assistance, the hacker had already withdrawn all the funds.

The trader claimed that the hackers accessed his web browser cookie data through the Aggr Chrome plugin. He installed the plugin to gain insights from prominent traders, not realizing it was designed to steal browsing data and cookies. The hackers used the stolen cookies to hijack active user sessions without needing passwords or authentication, enabling them to carry out multiple leveraged trades and profit by manipulating low liquidity trading pairs.

Even though the hacker could not directly withdraw funds due to 2FA, they used the cookies and active login sessions to execute trades. The hacker bought several tokens in the Tether (USDT) trading pair with high liquidity and placed limit sell orders at inflated prices in Bitcoin (BTC), USD Coin (USDC), and other low liquidity trading pairs. They then opened leveraged positions, bought large amounts, and completed cross-trading. Cross-trading involves offsetting buy and sell orders for the same asset without recording the trade on the exchange.

Trader’s accusations against Binance

The trader accused Binance of failing to implement necessary security measures despite the unusually high trading activity on his account. He also claimed that the exchange did not take timely action even after he reported the issue. According to the trader, Binance was aware of the fraudulent plugin and was conducting an internal investigation but did not inform users or take preventive measures.

“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account on the platform in time,” the trader wrote.

Yi He, co-founder of Binance, has refuted CryptoNakamao’s claims and clarified the situation on social media, stating, “Look closely; this user’s account was breached because their own computer was hacked; they are a lost cause. After the hack, the hacker could not withdraw funds, so the hacker sold the victim’s coins, which led to trading losses.”

“We sympathize with your experience, but according to the information we have learned so far, the reason for your asset loss is that your related devices were manipulated because of the installation of malicious plug-ins. Unfortunately, we have no way to compensate for such cases that have nothing to do with Binance,” the exchange stated.

Nakamao did not agree with Binance’s assessment, alleging that the exchange had been aware of the malicious plugin for some time and had even encouraged a key opinion leader (KOL) to gather more information from the hacker.

On her part, Yi He warned users about the dangers of logging into accounts with active cookie plugins to avoid the inconvenience of typing their passwords each time. “Binance is not able to compensate users when their own login devices are compromised,” she stated.

Update: A Binance spokesperson reached out to FinanceFeeds to comment on the matter

“Binance takes user protection and security of its platform very seriously. We always advise users to stay vigilant but unfortunately this is an incident where a user fell victim to a fraudulent plugin. – The impacted user had assumed a separate incident from 1st March was due to the fraudulent ““ plugin based on a X post dated 28th May.

The statement further details that the investigation of that incident did not find any such plugin “based on the data and material provided to us at that time.”

“Prior to the X post a community influencer had alerted us to the plugin on 27th May and we immediately implemented additional security measures. – Users come to Binance because we go further to protect them from bad actors. We continue to enhance our security measures to actively detect, combat and deter bad actors from our industry. – We are in contact with the impacted user to provide assistance and support, and take this opportunity to remind all users to always stay vigilant. We also encourage the community to report potential vulnerabilities through our Bug Bounty Program, which leverages and rewards crowdsourcing to help raise awareness of potential threats earlier.”

Read this next

Digital Assets

Gemini Earn users to recover $2.18 billion in crypto payouts

Cryptocurrency exchange Gemini has agreed to pay $50 million worth of digital assets to investors in its Gemini Earn program as part of a settlement with the New York Attorney General (NYAG), announced on Friday.

Fundamental Analysis, Market News, Tech and Fundamental

Global FX Market Summary: British Pound (GBP) Weakness, US Inflation, Euro, USD June 14 ,2024

British Pound weakens due to lower inflation expectations, potential policy changes from Reform Party, and broader economic concerns.


Q2 2024’s Top 5 Cryptos to Buy: BlockDAG, Pepe, Toncoin, Solana and Render

Learn about 2024’s Q2 top 5 cryptos. Explore potential high-return and advancements of altcoins like BlockDAG, Pepe, Toncoin, Solana, and Render.

Fundamental Analysis, Tech and Fundamental, Technical Analysis

GBPCAD Technical Analysis Report 14 June, 2024

GBPCAD currency pair can be expected to fall further toward the next support level 1.7250, former strong resistance from last year.

Digital Assets

Binance acquitted of tax evasion in Nigeria, now faces AML charges

Nigeria has dropped tax evasion charges against two Binance executives, Tigran Gambaryan and Nadeem Anjarwalla, after the world’s largest cryptocurrency exchange appointed a local representative to handle court processes related to the allegations.

Digital Assets

Trezor launches new hardware wallet ‘Safe 5’ with fresh security features

Crypto hardware wallet manufacturer Trezor announced on Friday the launch of its latest flagship product, the Trezor Safe 5, featuring upgraded security to promote self-custody of digital assets.

Institutional FX

Tradeweb enhances RFQ trading in bonds and ETFs

“Clients can now leverage predictive analytics and data to unveil deeper insights at the list level, providing them with an unparalleled level of precision throughout every point of the RFQ trading process.”

Industry News

US repatriates $1.4B misappropriated 1MDB funds to Malaysia

1MDB was created to promote economic development in Malaysia, but instead it went to Hollywood, a superyacht, a Monet and Van Gogh, as part of a $4.5 billion money laundering scheme.

Crypto Insider, Web3

What’s New in Web3 in 2024

Is Web3 really the future of the internet? It certainly seems so. In 2024, the momentum behind decentralized technologies, blockchain, and token-based economies will be stronger than ever.