Binance User Loses $1 Million Worth of Cryptocurrency

A Chinese trader lost $1 million to a hacker scam using a Google Chrome adware plugin called Aggr. The plugin steals cookies from users, which are then used by hackers to bypass passwords, verify two-factor authentication (2FA), and log into the victim’s Binance account.

A Nakamao user shared the details of this incident on the social network X. On May 24, the trader noticed unusual trading activity in his account. The crypto hacker was making large trades on the USDT pair with high liquidity and placing limited orders for sale at inflated prices in pairs with limited liquidity. In this way, the hacker made significant profits without triggering any alerts from Binance. Additionally, he added that the exchange’s delay in contacting other platforms to freeze the hacker’s funds led to a loss of opportunities to recover the stolen assets.

Despite Nakamao’s immediate attempts to contact the exchange’s support team, the attacker continued to manage the victim’s account, eventually successfully withdrawing all funds. The trader expressed frustration with Binance’s slow response and lack of effective risk control, which left the hacker’s apparent arbitrage operations unchecked.

Nakamao also noted that Binance had been aware of the malicious plugin and the hacker’s activities for some time. However, the exchange did not take immediate action to warn users or stop the promotion of Aggr.