A cryptocurrency investor experienced a security breach, resulting in the loss of approximately $1 million from their Binance account. The incident unfolded without the hacker needing the account password or two-factor authentication (2FA), employing a sophisticated “counter-trading” technique that manipulated market trades.
Upon investigating the breach with a security firm, the victim discovered that an undercover agent within the cryptocurrency community was responsible for the theft. The agent used a seemingly benign Chrome extension recommended by trusted figures to hijack the victim’s trading session and execute unauthorized transactions.
[…] the $1 million in my Binance account […] Even now I am still completely dazed; this was almost all the savings I had built up over the past few years. … pic.twitter.com/sSNUTXFZsc
— Nakamao🫡 (@CryptoNakamao) June 3, 2024
How the Attack Was Executed
The hacker manipulated the victim’s account by hijacking web cookies to gain control. They then aggressively bought and sold cryptocurrencies in low-liquidity trading pairs, creating artificial market movements. The victim’s account showed large purchases in QTUM/BTC, DASH/BTC, PYR/BTC, ENA/USDC, and NEO/USDC, significantly altering their prices.
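The two signals a defender can look for in this pattern are (a) one session cookie being presented from a second client that never performed the login, and (b) a burst of large orders in thin pairs inside a short window. The following Python is an added example, not code from the article or from Binance; the event records, the IP addresses, user agents, order sizes and the thin-pair watch-list are all constructed for illustration, and the thresholds are assumptions a real desk would tune.

```python
from collections import defaultdict
from dataclasses import dataclass

# Pairs the article names as low-liquidity targets, used here as a constructed
# watch-list rather than anything derived from exchange liquidity data.
THIN_PAIRS = {"QTUM/BTC", "DASH/BTC", "PYR/BTC", "ENA/USDC", "NEO/USDC"}


@dataclass
class Event:
    ts: int              # seconds since epoch (constructed)
    session_id: str      # value of the session cookie
    ip: str
    user_agent: str
    kind: str            # "login" or "order"
    pair: str = ""
    notional_usd: float = 0.0


def sessions_with_client_change(events):
    """Session ids presented from more than one (ip, user_agent) client.

    A replayed session cookie shows up as the same cookie value arriving from
    a client fingerprint that was never seen at login time.
    """
    clients = defaultdict(set)
    for e in events:
        clients[e.session_id].add((e.ip, e.user_agent))
    return {sid for sid, seen in clients.items() if len(seen) > 1}


def thin_pair_bursts(events, window_s=600, min_orders=3, min_notional=50_000.0):
    """Map session id -> largest thin-pair notional traded inside any window.

    A session is included only if some window of `window_s` seconds holds at
    least `min_orders` thin-pair orders totalling at least `min_notional`.
    """
    per_session = defaultdict(list)
    for e in events:
        if e.kind == "order" and e.pair in THIN_PAIRS:
            per_session[e.session_id].append(e)
    flagged = {}
    for sid, orders in per_session.items():
        orders.sort(key=lambda o: o.ts)
        best = 0.0
        for i, first in enumerate(orders):
            window = [o for o in orders[i:] if o.ts - first.ts < window_s]
            total = sum(o.notional_usd for o in window)
            if len(window) >= min_orders and total >= min_notional:
                best = max(best, total)
        if best:
            flagged[sid] = best
    return flagged


def risk_report(events):
    """Combine both signals; returns session id -> list of human-readable reasons."""
    report = defaultdict(list)
    for sid in sessions_with_client_change(events):
        report[sid].append("session cookie used from a second client")
    for sid, total in thin_pair_bursts(events).items():
        report[sid].append(f"burst of thin-pair orders, notional ${total:,.0f}")
    return dict(report)


# Constructed sample: s1 logs in from one client, is later replayed from another
# and fires a burst of orders in illiquid pairs; s2 is ordinary traffic.
SAMPLE = [
    Event(0,    "s1", "203.0.113.5",  "Chrome/125 Windows", "login"),
    Event(60,   "s1", "203.0.113.5",  "Chrome/125 Windows", "order", "BTC/USDT", 500.0),
    Event(3600, "s1", "198.51.100.7", "Chrome/124 Linux",   "order", "QTUM/BTC", 120_000.0),
    Event(3700, "s1", "198.51.100.7", "Chrome/124 Linux",   "order", "DASH/BTC", 90_000.0),
    Event(3800, "s1", "198.51.100.7", "Chrome/124 Linux",   "order", "PYR/BTC",  150_000.0),
    Event(3900, "s1", "198.51.100.7", "Chrome/124 Linux",   "order", "NEO/USDC", 80_000.0),
    Event(100,  "s2", "192.0.2.9",    "Firefox/126 macOS",  "login"),
    Event(200,  "s2", "192.0.2.9",    "Firefox/126 macOS",  "order", "ETH/USDT", 300.0),
]

if __name__ == "__main__":
    for sid, reasons in risk_report(SAMPLE).items():
        print(sid, "->", "; ".join(reasons))
```

Either signal alone produces false positives (users roam between networks, and market makers legitimately batch orders), which is why the report keeps both reasons per session rather than collapsing them into a single score; a session carrying both is the one that warrants an immediate hold on withdrawals.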
Despite immediate reports to Binance, the platform’s response was criticized for its slowness and inefficiency. The stolen funds were quickly moved off the exchange before any preventive action could be taken, raising significant concerns about the exchange’s risk management and security protocols.
Further investigation highlighted the role of the “Aggr” Chrome plugin, which had been covertly collecting user data and enabling session hijacking. Although the platform was aware of the plugin from a previous security alert, its potential threat was not communicated to the users promptly.
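Whether an extension can lift a session cookie is visible in its manifest before it is ever installed: the `cookies`, `webRequest` and `scripting` permissions combined with a broad host pattern such as `<all_urls>` give it exactly that reach. The audit below is an added example, not code from the article and not a reproduction of the real Aggr extension's manifest; both manifests it checks are constructed, and the `protected_hosts` default is an assumption standing in for whatever sites the reviewer wants to guard.

```python
import json

# Permission families that matter for session theft (real Chrome permission names).
SESSION_READ = {"cookies", "debugger"}
TRAFFIC_INTERCEPT = {"webRequest", "webRequestBlocking", "declarativeNetRequest", "scripting"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _host_patterns(manifest):
    """Collect every host match pattern: MV3 host_permissions, MV2 permissions
    entries that are URL patterns, and content_scripts matches."""
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    for cs in manifest.get("content_scripts", []):
        hosts |= set(cs.get("matches", []))
    return hosts


def audit_manifest(manifest_text, protected_hosts=("binance.com",)):
    """Return {'risk': 'low'|'medium'|'high', 'findings': [...]} for a manifest.

    risk is 'high' when the extension has both a session-reading or
    traffic-intercepting capability and reach into sites that matter
    (every site, or an explicitly listed protected host).
    """
    m = json.loads(manifest_text)
    perms = set(m.get("permissions", [])) | set(m.get("optional_permissions", []))
    hosts = _host_patterns(m)
    findings = []
    if perms & SESSION_READ:
        findings.append(f"can read session state via {sorted(perms & SESSION_READ)}")
    if perms & TRAFFIC_INTERCEPT:
        findings.append(f"can intercept or inject page traffic via {sorted(perms & TRAFFIC_INTERCEPT)}")
    broad = hosts & BROAD_HOSTS
    if broad:
        findings.append(f"host access to every site: {sorted(broad)}")
    touched = [h for h in hosts if any(p in h for p in protected_hosts)]
    if touched:
        findings.append(f"explicit access to protected hosts: {sorted(touched)}")
    reach = bool(broad or touched)
    capability = bool(perms & (SESSION_READ | TRAFFIC_INTERCEPT))
    risk = "high" if reach and capability else "medium" if (reach or capability) else "low"
    return {"risk": risk, "findings": findings}


# Constructed manifest shaped like a data-harvesting "trading helper": cookie access
# plus request interception on every site.
HARVESTER = """{
  "manifest_version": 3,
  "name": "Constructed Trading Helper",
  "version": "1.0",
  "permissions": ["cookies", "webRequest", "storage"],
  "host_permissions": ["<all_urls>"]
}"""

# Constructed manifest for a benign, tightly scoped extension.
BENIGN = """{
  "manifest_version": 3,
  "name": "Constructed Note Taker",
  "version": "1.0",
  "permissions": ["storage"],
  "content_scripts": [{"matches": ["https://example.com/*"], "js": ["notes.js"]}]
}"""

if __name__ == "__main__":
    for label, text in (("harvester", HARVESTER), ("benign", BENIGN)):
        result = audit_manifest(text)
        print(label, result["risk"], *result["findings"], sep="\n  ")
```

The check is deliberately pessimistic: it rates on what the manifest permits, not on what the bundled JavaScript currently does, because an extension that already holds `cookies` plus `<all_urls>` can start exfiltrating on its next silent auto-update.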