According to Slowmist, there were a total of 32 security incidents recorded in May, with losses exceeding $429 million. Recently, security incidents targeting trading accounts have been frequent, with alarming new attack methods sparking widespread discussion among cryptocurrency industry users.As ordinary users, how can we ensure the security of our trading accounts and avoid asset loss? WikiBit has compiled two recent shocking attack incidents.
Binance Account Theft Incident
Yesterday, a user on platform X, @CryptoNakamao, reported that $1 million was stolen from their Binance account without any risk control alerts. Hackers collected the user's cookies through a plugin and impersonated them, transferring funds via "wash trading" without obtaining the user's Binance account password or 2FA.
According to a security company, hackers manipulated @CryptoNakamao's account by hijacking web cookies. They bought tokens in highly liquid USDT trading pairs and placed above-market limit sell orders in less liquid BTC, USDC pairs. Finally, they opened leveraged trades using @CryptoNakamao's account, making large excess purchases to complete the wash trading. The hacking operations included pairs like QTUM/BTC, DASH/BTC, PYR/BTC, ENA/USDC, and NEO/USDC, showing abnormal prices at the corresponding times.
OKX Account Theft Incident
Compared to the Binance user's loss due to cookie hijacking by a trojan plugin, the OKX account theft is even more alarming. According to the user, on May 1, they received a platform notification and tried to log in, only to find their account had been deleted.
Investigations revealed that the hacker accessed the user’s email, clicked on "forgot password," and bypassed the user’s firewall with an AI-generated video. Unbeknownst to the user, the hacker changed the phone number, email address, and Google Authenticator associated with the account. Within 24 hours, all assets were lost. The user has reported the incident to the authorities and has made some progress.
WikiBit Commentary
Previously, most theft incidents were due to phishing links or contract vulnerabilities. These two incidents are representative of new hacker methods, requiring users to invest more effort and time in securing their funds. To reduce the risk of theft, users should:
Ensure mobile device security before using trading apps, avoid installing untrusted third-party apps, and download apps only from official stores and channels.
Maintain PC security when logging into platforms, install necessary antivirus software, avoid installing untrusted third-party applications, and refrain from adding untrusted browser extensions.
Clear cookies and log out of accounts after use, and ensure no unsafe browser plugins are downloaded.
