$1 million in Binance account gone to ashes!

Today, an incident involving the theft of funds in a Binance account has attracted widespread attention in the cryptocurrency community. It is reported that a user had nearly one million dollars in funds in his account stolen through "cross-trading" without revealing his account password and secondary verification instructions (2FA).

Looking back at the whole incident, how did the hacker manipulate his account without the user revealing any sensitive information? After investigation, the reason turned out to be a widely recommended Chrome plug-in Aggr. This plug-in was originally a tool to provide market data, but it was used by hackers to collect users' cookies, hijack user sessions, and control accounts without passwords or 2FA. This discovery is shocking and reminds us that Chrome plug-ins can also be the source of security vulnerabilities.

After downloading the plug-in, the hacker could not withdraw the currency, and the hacker used the cross-trading method to consume all the money in the account. Cross-trading is a transaction between a designated buyer and a designated seller in a bargaining manner for the same currency at the same price and quantity, and the transaction is completed through platform matching.

Therefore, it is recommended that you protect your devices properly, do not click on some plug-ins or links at will, and beware of being deceived.