Binance co-founder He Yi has made a public statement regarding the $1 million hack, clarifying that the intrusion was caused by a hack of user devices, not a security vulnerability on the Binance platform.
He Yi responded to a user who reportedly lost $1 million in cryptocurrency due to a security breach, stressing that the loss was due to the user’s PC being hacked, rather than a security issue with the Binance platform itself. Previously, cryptocurrency trader Nakamao claimed to have suffered significant losses in his account and accused Binance of security issues.
Binance is not wrong
In a detailed statement, He Yi denied that Binance was at fault in the hack. He explained that the user's account was accessed through a hacked computer, and the hacker sold the victim's cryptocurrency after gaining access, resulting in trading losses. He emphasized that Binance's security system remains intact and the vulnerability did not originate from the platform itself. "Take a closer look; this user's account was hacked because their computer was hacked; they are beyond help," He Yi wrote in a public statement.
Nakamao, on the other hand, provided a different perspective, saying that the hacker manipulated his Binance account by controlling his web cookies. "Later, the security company told me that the hacker manipulated my account by hijacking my web cookies," he explained. He described how the hacker executed trades in highly liquid USDT trading pairs and placed unreasonable sell orders in less liquid trading pairs such as BTC and USDC.
Quickly freeze hacked accounts
Binance customer service acted quickly after receiving the freeze request and froze the affected accounts within 1 minute and 19 seconds. The customer service department said the intrusion was carried out through a malicious plugin that allowed hackers to impersonate Nakamao. Binance's statement read: "We sympathize with your experience, but based on the information we currently have, the reason for your asset loss is that your relevant device was manipulated by installing a malicious plugin."
Despite Binance’s quick action, Nakamao questioned Binance’s explanation and handling of the situation. He claimed that Binance knew about the existence of the malicious plugin in advance and accused the platform of not taking action to warn users in advance. “It turns out that Binance knew about the existence of this plugin very early and even encouraged KOLs to get more information from hackers,” Nakamao said.
He Yi advised users to pay attention to maintaining safe login habits, especially for active cookie plugins. She reiterated that Binance cannot compensate users whose login devices are damaged due to their actions. "Binance cannot compensate users for damaged login devices," she urged users to avoid compromising security for trivial conveniences.