Binance User Loses $1 Million Worth Crypto By Counter-Trading Via Plugin

As an experienced cybersecurity analyst, I find this incident deeply concerning. That a user could lose $1 million worth of crypto holdings through counter-trading enabled by a malicious Chrome plugin points to lax security measures on the part of Binance.


A Chinese Binance user named Nakamao allegedly had $1 million worth of cryptocurrency stolen from his account by an attacker operating from within the crypto community, according to recent reports.

Binance User Loses Funds to Counter Trading

Nakamao asserted that his Binance account had thorough security measures in place. Yet, even though the unauthorized user never obtained his password or his two-factor authentication (2FA) codes, all of his funds were drained through a method called “counter-trading”.

On May 24, Nakamao uncovered suspicious transactions in his crypto account. A skilled cybercriminal had exploited Nakamao’s web cookies to take over his session, then executed substantial trades in liquid USDT markets while placing limit sell orders at artificially inflated prices in thinly traded pairs, where the attacker’s own account took the other side. By employing this technique, the hacker reaped substantial profits without setting off any security warnings from Binance.
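As an added example (not code from the article, from Binance or from Nakamao), the kind of exchange-side risk control the text says was missing: it flags fills in thin pairs that execute far from the cross-market USDT reference price, or that are large relative to the pair’s daily volume. All pair names, prices, volumes and thresholds below are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed reference data: spot USDT prices and 24h volumes (USDT).
# "XYZ" is a hypothetical thin token; all figures are made up.
REF_PRICE_USDT = {"BTC": 68000.0, "ETH": 3800.0, "XYZ": 0.50}
VOLUME_24H_USDT = {"BTC/USDT": 2e9, "ETH/USDT": 1e9,
                   "XYZ/BTC": 40000.0, "XYZ/USDT": 60000.0}


@dataclass
class Fill:
    pair: str    # "BASE/QUOTE"
    side: str    # "buy" or "sell"
    price: float  # price in quote units
    qty: float   # quantity in base units


def implied_usdt_price(pair: str, price: float) -> float:
    """Convert a fill price in any quote currency to USDT using reference prices."""
    _, quote = pair.split("/")
    quote_usdt = 1.0 if quote == "USDT" else REF_PRICE_USDT[quote]
    return price * quote_usdt


def flag_counter_trades(fills, max_dev=0.25, thin_volume_usdt=1e6, thin_share=0.10):
    """Return (fill, deviation, reason) for fills that look like counter-trading:
    a thin pair (24h volume <= thin_volume_usdt) filled far from the cross-market
    reference (|deviation| > max_dev) or with notional > thin_share of daily volume."""
    flagged = []
    for f in fills:
        base, _ = f.pair.split("/")
        ref = REF_PRICE_USDT[base]
        usdt_price = implied_usdt_price(f.pair, f.price)
        dev = (usdt_price - ref) / ref
        notional = usdt_price * f.qty
        if VOLUME_24H_USDT[f.pair] > thin_volume_usdt:
            continue  # liquid pair: pricing is hard to manipulate, skip
        if abs(dev) > max_dev:
            flagged.append((f, round(dev, 3), "price far from reference in thin pair"))
        elif notional > thin_share * VOLUME_24H_USDT[f.pair]:
            flagged.append((f, round(dev, 3), "oversized fill relative to pair volume"))
    return flagged


# Constructed session: a normal BTC buy, one inflated sell in a thin BTC-quoted
# pair (the pattern described above), and a fairly priced small XYZ/USDT sell.
SAMPLE_FILLS = [
    Fill("BTC/USDT", "buy", 68010.0, 10.0),
    Fill("XYZ/BTC", "sell", 0.00002, 100000.0),   # implied 1.36 USDT vs 0.50 ref
    Fill("XYZ/USDT", "sell", 0.51, 1000.0),
]

if __name__ == "__main__":
    for fill, dev, reason in flag_counter_trades(SAMPLE_FILLS):
        print(f"ALERT {fill.pair} {fill.side} dev={dev:+.1%}: {reason}")
```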

Nakamao said he made every attempt to reach Binance customer service promptly once he discovered the unauthorized activity in his account. Regrettably, the hacker kept trading and managed to withdraw all of the funds before any effective intervention occurred. Nakamao was dismayed by Binance’s slow response and by the insufficient risk controls that allowed the hacker’s conspicuous arbitrage transactions to proceed unhindered.

Digging deeper, Nakamao found that the breach had been carried out through a malicious Chrome extension named Aggr. He had unwittingly installed the add-on after endorsements from a well-known overseas crypto influencer (KOL). The hacker then used the cookies harvested by Aggr to hijack Nakamao’s active sessions without needing a password or a 2FA code, and so took control of his account.

This is also one of the first known cases in which a hacker stole funds solely by exploiting a Chrome extension. As disclosed earlier this year, on March 1, an overseas Binance user had their account drained in a similar fashion via the same plugin. Nakamao consequently underscored the risks of installing Chrome Web extensions.

Security Lapses

Weeks prior to Nakamao’s incident, Binance had become aware of the harmful plugin and the malicious actions of its creator. Despite this knowledge, Binance chose not to alert users or halt the promotion of the plugin right away.

Despite the clear signs of arbitrage transactions by the hacker, Binance failed to enforce adequate risk control mechanisms to identify and halt the theft. Its tardiness in coordinating with other platforms to freeze the hacker’s funds also cost it chances to recover the stolen assets. The case makes a strong argument for enhanced security measures at the exchange.


2024-06-03 13:04