Browser Plugin Installation Hacked for Million Dollar Loss Victim Accuses Binance Made Me a Sacrifice

Contents
Toggle
Browser Plugin Leads to Binance Account Hacked for Millions of Dollars
OKEx Reports New Attack Method
User X, Nakamao, disclosed on a social media platform that his Binance account was hijacked by hackers without his knowledge, resulting in substantial abnormal trading activities and ultimately causing nearly $1 million in losses.
Reportedly, the hackers did not obtain the victim’s password or two-factor authentication messages, but instead hijacked the victim’s web page cookies through a malicious Chrome plugin called “Aggr,” and used these cookies to manipulate the victim’s Binance account. The hackers, unbeknownst to the victim, conducted a large number of wash trades on Binance, using the victim’s account to buy and sell a large amount of cryptocurrencies, causing abnormal price fluctuations and profiting from them.
Nakamao claimed that despite contacting Binance customer service immediately and attempting to stop the hackers’ further actions, Binance’s response was slow in the handling process, failing to promptly freeze the hacker’s account or restrict its operations, allowing the hackers to safely withdraw the funds obtained.
Furthermore, it was discovered after contacting the KOL who initially promoted this malicious Chrome plugin “Aggr” that Binance had known about the existence of this plugin early on, and had traced the hacker’s address at least 3-4 weeks ago, but chose not to timely notify the community to suspend the product in order to gather more information about the hacker and avoid alerting them. Nakamao wrote on X:
“This incident not only caused significant economic losses to the victims personally but also impacted the trust within the cryptocurrency community, sounding the alarm about digital asset security, reminding all cryptocurrency users to remain vigilant about the security of their accounts, and to use third-party applications or plugins cautiously.”
On the other hand, according to a report from “Wu Shuo Blockchain,” on June 3, a member of the Japan End Community claimed that scammers had purchased all of his personal information on Telegram, then used the exchange’s forgot password function to change his phone number, email, and even Google Authenticator through AI-generated images, resulting in over $2 million in assets lost from his OKEx account within 24 hours. Users must be aware of these potential risks.