How could a hacker steal $1 million from a Binance account without hacking the account itself?
A recent scam story shared by a Chinese user revealed a new way to steal funds.
Victim Summary:
- On May 24, I was traveling home from work with my computer and phone with me.
- During this time, there were intensive operations on my account that I was unaware of. Pairs like QTUM/BTC rose by 21%, DASH/BTC by 27%, PYR/BTC by 31%, and NEO/USDC by 22%, all due to purchases made from my account.
- I didn't know about these transactions until I accidentally opened my Binance account to check the BTC price.
- Experts later explained that the hacker had compromised my website's cookies and manipulated asset prices using my account.
- The hacker, by controlling the prices of assets in my account, made money and successfully withdrew it from Binance. When I contacted support, the funds had already been withdrawn.
- The culprit was a Chrome extension called Aggr.
- The attack works as follows: when you install and use the malicious plugin, the hacker can collect your cookies on their server and use them to intercept sessions of active users, impersonating you.
- There is no need to hack the password or 2FA. Chrome web extensions can be just as dangerous as downloading malicious apps.
- Throughout the entire process, Binance staff responded slowly and did not help recover losses.
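
An audit for the exposure described above, as an added example that is not part of the original post: it reads the `manifest.json` of each installed Chrome extension and reports which ones are able to reach cookies for a given site. The function names, the hostname `www.binance.com` and the sample manifest are constructed for this example, and the `<profile>/Extensions/<id>/<version>/` layout is an assumption about where the manifests are stored.

```python
import json
from pathlib import Path

def pattern_covers_host(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern applies to `host` (scheme and path ignored)."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "storage", not a host pattern
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def cookie_exposure(manifest: dict, host: str) -> list[str]:
    """List the ways this manifest lets the extension reach cookies for `host`."""
    perms = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    perms = [p for p in perms if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = perms + manifest.get("host_permissions", []) + manifest.get("optional_host_permissions", [])
    findings = []
    if "cookies" in perms and any(pattern_covers_host(p, host) for p in hosts):
        findings.append("chrome.cookies API access (includes HttpOnly cookies)")
    for script in manifest.get("content_scripts", []):
        if any(pattern_covers_host(p, host) for p in script.get("matches", [])):
            findings.append("content script injected into pages (document.cookie readable)")
            break
    return findings

def audit_profile(extensions_dir: Path, host: str) -> dict[str, list[str]]:
    """Scan <extensions_dir>/<id>/<version>/manifest.json; key the report by extension id."""
    report = {}
    for path in extensions_dir.glob("*/*/manifest.json"):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings = cookie_exposure(manifest, host)
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifest, not the manifest of any real extension.
SAMPLE = {"manifest_version": 3, "name": "constructed-example",
          "permissions": ["cookies", "storage"], "host_permissions": ["https://*/*"]}

if __name__ == "__main__":
    print(cookie_exposure(SAMPLE, "www.binance.com"))
```

An extension flagged here is not necessarily malicious; the report only shows which installed extensions hold enough permission to read a logged-in session for that site, which is the set worth reviewing or removing from a browser profile used for trading.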