On May 24th, a user known as CryptoNakamao on platform X reported that hackers had stolen nearly all the funds from his account, totaling $1 million. The attack was carried out using malicious software.
The malware originated from a Google Chrome plugin called Aggr. CryptoNakamao installed this plugin after seeing it promoted by several influencers on social media.
Once installed, the hackers used the malware to collect the victim’s cookies. These cookies were then used to bypass password and two-factor authentication (2FA), allowing the hackers to log into the victim’s Binance account and drain all the funds.
“I became a victim of a malware attack, and $1 million in my Binance account was wiped out,” said the user.
“I was hacked because of this plugin while it was being widely promoted.”
“The specific way this malicious plugin works is as follows: If you install and use the malicious plugin, hackers can collect your cookies and send them to the hacker’s server. The hackers can then use the collected cookies to hijack user sessions (pretending to be that user). As a result, hackers don’t need your password or 2FA to control your account.”
我成了币圈卧底的牺牲品,币安账户里100万美元灰飞烟灭
直到现在我整个人还是懵的,这几乎是我这几年全部的积蓄。… pic.twitter.com/sSNUTXFZsc
— Nakamao???? (@CryptoNakamao) June 3, 2024
CryptoNakamao also criticized Binance employees for their “very slow response and lack of help in recovering any losses.” He believes that Binance had known about the plugin’s existence for a long time and had even traced the hacker’s address at least 3 or 4 weeks prior. They had also obtained the name and link to the plugin from influencers. Despite this, according to him, Binance failed to issue a timely warning about the plugin, leading to him becoming a victim.
According to Wu Blockchain, another Binance user reported a similar theft on March 1, using the same method. Binance has not yet commented on this incident.
Breaking: Your Binance account may have been compromised due to downloading the KOL-promoted Google plugin Aggr. A Chinese user used this plug-in, which resulted in $1 million being stolen through cross-trading on May 24th. Another Binance user had his funds stolen on March 1.…
— Wu Blockchain (@WuBlockchain) June 3, 2024
Regardless of the outcome, this incident serves as an expensive lesson for everyone. Users must exercise caution before installing any plugins or software. It’s crucial to thoroughly verify that the application is safe before installation.
