A cryptocurrency investor experienced a security breach, resulting in the loss of approximately $1 million from their Binance account. The attacker needed neither the account password nor the two-factor authentication (2FA) code, instead employing a sophisticated “counter-trading” technique that manipulated market trades.

Upon investigating the breach with a security firm, the victim discovered that an undercover agent within the cryptocurrency community was responsible for the theft. The agent used a seemingly benign Chrome extension recommended by trusted figures to hijack the victim’s trading session and execute unauthorized transactions.

I became the victim of an undercover agent in the crypto community; $1 million in my Binance account vanished into thin air. Even now I am still in a daze; this was almost all the savings I had built up over the past few years. … pic.twitter.com/sSNUTXFZsc

— Nakamao🫡 (@CryptoNakamao) June 3, 2024

How the Attack Was Executed

The hacker manipulated the victim’s account by hijacking web cookies to gain control. They then aggressively bought and sold cryptocurrencies in low-liquidity trading pairs, creating artificial market movements. The victim’s account showed large purchases in QTUM/BTC, DASH/BTC, PYR/BTC, ENA/USDC, and NEO/USDC, significantly altering their prices.
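The pattern described above, a reused session cookie followed by bursts of large fills in thinly traded pairs, is something an exchange's trade-surveillance layer can flag. The following Python heuristic is an added example for this article, not Binance's own logic or code from the victim's report; the trade records, client fingerprints and daily volumes are constructed and the thresholds are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass
class Trade:
    session_id: str          # identifier of the session cookie that placed the order
    client_ip: str
    user_agent: str
    pair: str
    quote_volume: float      # fill notional in the quote asset (BTC, USDC, ...)
    price_impact_pct: float  # absolute % price move produced by the fill

# Constructed 24h quote volume per pair (illustrative numbers, not real market data).
DAILY_VOLUME = {"BTC/USDT": 5_000_000_000.0, "QTUM/BTC": 12.0,
                "DASH/BTC": 9.0, "PYR/BTC": 3.0}

# Constructed sample: the owner trades normally, then the same cookie is replayed
# from a different IP and browser and starts buying into low-liquidity pairs.
TRADES = [
    Trade("sess-A", "198.51.100.7", "Chrome/125 Windows", "BTC/USDT", 2_000.0, 0.0),
    Trade("sess-A", "203.0.113.9", "Chrome/125 Linux", "QTUM/BTC", 3.0, 18.0),
    Trade("sess-A", "203.0.113.9", "Chrome/125 Linux", "DASH/BTC", 2.5, 22.0),
    Trade("sess-A", "203.0.113.9", "Chrome/125 Linux", "PYR/BTC", 1.2, 35.0),
    Trade("sess-B", "192.0.2.4", "Firefox/126 macOS", "BTC/USDT", 500.0, 0.0),
]

def is_thin_market_trade(t, daily_volume, share=0.10, impact_pct=5.0):
    """A fill that is a large share of the pair's daily volume or moves price sharply."""
    vol = daily_volume.get(t.pair, 0.0)
    large_share = vol == 0 or t.quote_volume / vol >= share
    return large_share or t.price_impact_pct >= impact_pct

def flag_hijacked_counter_trading(trades, daily_volume, min_hits=2):
    """Return {session_id: [pairs]} for sessions whose cookie is reused from a new
    client fingerprint (IP + user agent) and then drives repeated thin-market fills."""
    first_client = {}  # session_id -> fingerprint seen at first use
    hits = {}
    for t in trades:
        fp = (t.client_ip, t.user_agent)
        baseline = first_client.setdefault(t.session_id, fp)
        if fp != baseline and is_thin_market_trade(t, daily_volume):
            hits.setdefault(t.session_id, []).append(t.pair)
    return {s: pairs for s, pairs in hits.items() if len(pairs) >= min_hits}

if __name__ == "__main__":
    print(flag_hijacked_counter_trading(TRADES, DAILY_VOLUME))
```

Binding the fingerprint check to the session cookie is what catches this case: the password and 2FA were never involved, so login-time controls alone would not fire.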

Despite immediate reports to Binance, the platform’s response was criticized for its slowness and inefficiency. The stolen funds were quickly moved off the exchange before any preventive action could be taken, raising significant concerns about the exchange’s risk management and security protocols.

Further investigation highlighted the role of the “Aggr” Chrome plugin, which had been covertly collecting user data and enabling session hijacking. Although the platform was aware of the plugin from a previous security alert, its potential threat was not communicated to the users promptly.