Chrome plugin hack on the loose as hacker utilized a malevolent Chrome extension to breach the account of a Binance user and withdraw cryptocurrency worth one million dollars.
Nakamao, a user based in China, reported on X that the attacker successfully commandeered Binance session cookies using Aggr – a malevolent Chrome plugin. The hacker then proceeded to gain entry into the crypto exchange’s account without requiring any password or two-factor authentication (2FA).
The user was unaware of any issues until he accessed Binance to monitor bitcoin’s price. Upon arrival, Nakamao became aware of unusual trading behavior on the site. It is worth noting that the perpetrator employed methods counteracting detection by utilizing specific trade practices under the platform’s radar.
Basically, the culprits vended tokens at an inflated price from their owned account by purchasing them with Nakamao’s funds.
Then they sold the said tokens in proper market value to earn a profit. In spite of this breach, Binance’s security measures were not notified and as per Nakamao’s statement, he lost one million dollars due to unauthorized access.
The trader sought assistance from security experts when Binance customer support didn’t provide any aid, and they discovered that the attacker employed Aggr Chrome plugin hack- a tool recommended by Nakamao following advice from a crypto influencer.
Nakamao expressed regret over the security measures employed by Binance, asserting that the corporation was aware of a malevolent plugin which supposedly led to gaining unauthorized access to another user’s account on Binance earlier this year.
In hindsight, Nakamao stated that if the hacker had simply withdrawn the funds outright, they would have no comment.
However, given the random cross-trading on Binance and subsequent actions taken by them are unacceptable to him.
This is compounded further as Binance has been investigating both the hack and user plug-in for an extended period of time.
Following the viral post by Nakamao, Binance reaffirmed that their platform had not experienced any security breaches and warned users against installing browser plugins. This was communicated through a message on X.
Although there have been no security breaches on the Binance platform, the crypto exchange urges users to remain alert.
To safeguard your account’s security and data, refrain from installing browser plugins since malicious ones may compromise them according to a statement by Binance.
Writing harmful Chrome extensions that plunder user cookies has become shockingly easy, as we mentioned in a recent article.
Even individuals lacking programming skills can take advantage of ChatGPT to generate malicious code for their own Chrome extension intended to present users’ cookie lists.
This scammers are get more creative