Chinese Crypto Trader Loses $1 Million From Binance After Chrome Plugin Exploit

As a researcher with experience in the cryptocurrency space, I find the incidents reported by Doomxbt and CryptoNakamao concerning and disappointing. The stories of these traders losing their savings due to alleged slow responses from Binance and malicious Chrome extensions are alarming.


A Chinese cryptocurrency trader expressed disappointment after having the majority of his savings on Binance taken through a Chrome plugin vulnerability. He accused the exchange of a sluggish reaction time, which may have contributed to the theft.

Malicious Chrome Extension Swipes $1 Million In Crypto

As a cryptocurrency analyst, I’d like to share an unusual occurrence that took place with the crypto investor Doomxbt in late February. He reportedly observed his substantial Binance account balance, amounting to around $70,000, being depleted at an alarming rate. Unfortunately, there was no way for him to halt this unwanted transaction in progress.

According to the post: "I received multiple alerts from Binance regarding filled orders on my account. Acting swiftly, I logged in to check my balance and reached out to support before it hit zero. However, as I attempted to receive help, I was powerlessly watching as my funds dwindled away."

As an analyst looking back at that incident, it was unclear how the attacker had gained access to the account, since the user had two-factor authentication (2FA) enabled and reported no other problems with it. At the time, I was monitoring the situation closely as Binance's CEO, Richard Teng, publicly acknowledged the issue and initiated a thorough investigation to identify the root cause of this security incident.

Sadly, numerous other individuals suffered from fund thefts following comparable occurrences over the past few months. One such affected individual is a Chinese trader who recently experienced a significant loss of $1 million. This user has shared an X post as a warning to the crypto community about the harmful malware responsible for their financial misfortune.

As a crypto investor, I was taken aback when I discovered unusual trading activity in my Binance account on May 24th. I had not initiated any transactions and was shocked to find that my assets were being bought and sold at a rapid pace without my consent. I became aware of this unauthorized activity only when I logged into my account to check the current price of Bitcoin (BTC).


Nakamao quickly reached out to customer support, yet, much like with Doomxbt, the perceived delay in their response gave the exploiter ample time to make off with the funds. Consequently, the trader chose to delve into the cause of this unfortunate incident.

As an analyst, I’ve discovered that a malicious Google Chrome Extension named Aggr was responsible for the recent cryptocurrency theft from a Binance user. Based on the victim’s investigation, this extension surreptitiously obtained all their web browsing and cookie data.

Using this data, a hacker was able to seize control of an ongoing Binance trading session without the need for the account password or two-factor authentication. Once inside the account, the intruder carried out numerous leveraged transactions on the pairs QTUM/BTC, DASH/BTC, and PYR/BTC with low market liquidity. The hacker capitalized on these manipulations to generate substantial profits.
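The attack above needed only two capabilities from the extension: reading cookies and reaching the exchange's pages. The following audit script is an added example (not code from the article, the victim or Binance) that flags extension manifests granting that combination; the sample manifests and the watched hosts (binance.com subdomains, chosen to match this story) are constructed for illustration.

```python
"""Audit Chrome extension manifests for the combination a cookie-stealing
extension needs: cookie access plus host access to the target site.
Added example, not from the article or Binance; samples are constructed."""
# Permissions that let an extension read session cookies or rewrite traffic.
SENSITIVE_PERMS = {"cookies", "webRequest", "webRequestBlocking"}

def pattern_matches_host(pattern, host):
    """Minimal Chrome match-pattern (scheme://host/path) check for one host."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    host_pat = pattern.split("://", 1)[1].split("/", 1)[0]
    if host_pat == "*":
        return True
    if host_pat.startswith("*."):  # "*.binance.com" also covers the bare domain
        return host == host_pat[2:] or host.endswith(host_pat[1:])
    return host == host_pat

def audit_manifest(manifest, watched_hosts):
    """Rate one manifest by what it can reach and whether it can read cookies."""
    perms = set(manifest.get("permissions", []))
    # MV2 lists host patterns inside "permissions"; MV3 uses "host_permissions".
    hosts = [p for p in perms if p == "<all_urls>" or "://" in p]
    hosts += manifest.get("host_permissions", [])
    sensitive = sorted(perms & SENSITIVE_PERMS)
    broad = any(pattern_matches_host(p, "any.host.example") for p in hosts)
    reachable = sorted(h for h in watched_hosts
                       if any(pattern_matches_host(p, h) for p in hosts))
    if "cookies" in sensitive and (broad or reachable):
        risk = "high"    # can read the watched site's session cookie
    elif sensitive or broad:
        risk = "medium"
    else:
        risk = "low"
    return {"name": manifest.get("name", "?"), "sensitive": sensitive,
            "broad_hosts": broad, "reaches": reachable, "risk": risk}

# Constructed sample manifests, not real extensions.
SAMPLE_MANIFESTS = [
    {"name": "price-ticker-helper", "manifest_version": 3,
     "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
    {"name": "tab-notes", "manifest_version": 3, "permissions": ["storage"]},
    {"name": "exchange-widget", "manifest_version": 2,
     "permissions": ["cookies", "*://*.binance.com/*"]},
]
WATCHED = ["www.binance.com", "accounts.binance.com"]

def audit_all(manifests=SAMPLE_MANIFESTS, watched=WATCHED):
    return [audit_manifest(m, watched) for m in manifests]
```

A "high" finding means the extension can read the exchange session cookie that stands in for the password and 2FA once a user is logged in; on a real machine the manifests would be read from the browser's extension directory instead of the constructed list.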

Binance Responds To Accusations

Nakamao voiced his frustration toward the crypto exchange, sharing that he had anticipated better assistance from their customer support team. Furthermore, he alleged that the exchange inadvertently provided a platform for the hacker’s ongoing activities during their investigation.

A trader disclosed that they discovered the harmful Chrome extension after it was endorsed by an influencer who had been compensated for their promotion. According to a post by Nakamao, Binance reportedly knew about this and urged the traders to gather more details from the hacker.

It turned out that Binance had known about the existence of this plugin for a long time, and even encouraged this KOL to get further information from the hacker, and it was while the plugin was being further promoted that I was robbed. Binance had tracked down the hacker’s address at least 3 or 4 weeks ago and obtained the name and link to the plugin from the KOL. But even so, Binance likely failed to notify the suspension of the product in time to continue tracking down the hacker and avoid spooking them, and I became a casualty of that.

In response to the accusations, the exchange asserted that it wasn’t aware of the Aggr plugin until the incident involving Nakamao. Additionally, it maintained that there was no connection drawn between Doomxbt’s probe and the Chrome extension.

The influencer’s promotion of the harmful plugin was unknown to them, and they pledged to investigate further. Notably, crypto community members have been alerting users to this novel form of attack for approximately a week.

In the end, Binance explained that they couldn’t reimburse Nakamao because his account was fraudulently manipulated by a malicious plugin.

I understand your concern and empathize with the unfortunate incident you’ve experienced. Based on our current understanding, it appears that a malicious plugin caused your device to be manipulated, resulting in the loss of your assets. However, as researchers, we cannot offer compensation for this situation because it falls outside the scope of Binance’s responsibility.

2024-06-04 07:12