Hackers Exploit Chrome Plugin To Steal Millions From Binance Accounts
A Chinese businessman lost $1 million in a hacking scam using a promotional Google Chrome plugin called Talk. The promotional plugin steals cookies from users, which hackers use to bypass password and two-factor authentication and log into the victim's Binance account.
The businessman took to X to report the loss of his life savings to the fraud. The trader, who goes by the X username Cryptonakamao, said that on May 24 his Binance account started trading randomly, and that he only realized it after opening the Binance app to check the price of Bitcoin (BTC).
While he was seeking help from Binance, the hacker withdrew all funds.
A hacker stole cookie information to trade on Binance
The merchant said the hackers stole web browser cookie data through a Chrome plugin called Agri. He installed the plugin, only to discover that it was malicious software created to steal users' web browsing data and cookies to access popular merchant data.
The hacker then used the collected cookies to hijack active user sessions without a password or authentication, and made highly leveraged trades to increase the price of low-liquidity pairs and profit from them.
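A defender can check which installed Chrome extensions are able to read cookies for an exchange domain by auditing their manifests. The Python sketch below is an added example, not code from the article or from Binance; the sample manifests are constructed, and the watched domain list and the `<extension id>/<version>/manifest.json` directory layout are assumptions passed in by the caller.

```python
import json
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_SUSPECT = {"manifest_version": 3, "permissions": ["cookies", "storage"],
                  "host_permissions": ["*://*.binance.com/*"]}
SAMPLE_MV2 = {"manifest_version": 2, "permissions": ["cookies", "<all_urls>"]}
SAMPLE_BENIGN = {"manifest_version": 3, "permissions": ["storage"],
                 "host_permissions": ["<all_urls>"]}

def _strings(manifest, *keys):
    """Flatten the string entries of the given manifest list fields."""
    return [p for k in keys for p in (manifest.get(k) or []) if isinstance(p, str)]

def covers(pattern, domain):
    """True if a host match pattern applies to the given domain."""
    if pattern in BROAD_HOSTS:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "storage"
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host.startswith("*."):
        return domain == host[2:] or domain.endswith(host[1:])
    return host in ("*", domain)

def audit_manifest(manifest, watched_domains):
    """Return the watched domains whose cookies this extension could read."""
    api = _strings(manifest, "permissions", "optional_permissions")
    if "cookies" not in api:
        return []
    hosts = _strings(manifest, "permissions", "optional_permissions",
                     "host_permissions", "optional_host_permissions")
    return sorted(d for d in watched_domains if any(covers(h, d) for h in hosts))

def audit_profile(extensions_dir, watched_domains):
    """Scan <extensions_dir>/<extension id>/<version>/manifest.json files."""
    findings = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        hits = audit_manifest(manifest, watched_domains)
        if hits:
            findings[path.parent.parent.name] = hits
    return findings
```

A hit means the extension can request that domain's cookies through the `cookies` API, not that it is malicious. Extensions that read non-HttpOnly cookies from a content script via `document.cookie` do not need the `cookies` permission and are not covered by this check.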
The merchant explained that although the hacker could not withdraw the money directly due to two-factor authentication (2FA), they used cookies and active login sessions to profit from the transaction.
The trader said that the hacker bought a lot of tokens in the Tether (USDT) trading pair and placed sell orders in Bitcoin, USD Coin (USDC) and other trading pairs above the market price.
Finally, the hacker opened leveraged positions, bought a large amount, and completed the transaction. Cross trading is the practice of buying and selling the same asset without registering the trade on the exchange.
The trader blamed Binance
The trader claims that Binance did not implement necessary security measures despite unusually high trading activity. In the past, even after receiving timely complaints, the exchange did not take any action to stop it, he added.
During the investigation, the trader found out that Binance had been aware of the fraudulent plugin for some time and was already conducting an internal investigation. Although the trader knew the hacker's address and the fraudulent nature of the plugin, Binance said it did not notify the traders or take any action to prevent the fraud. The merchant wrote:
“Binance knew about the theft and repeated trades, but did nothing. Hackers took control of accounts for over an hour, resulting in highly unusual trading in multiple currency pairs without risk control. Binance failed to block an obvious hacker's single-account funds from the platform in time.”
Cointelegraph reached out to Binance for comment but did not receive a response by the time of publication.