Cryptocurrency Trader Incurs $1 Million Loss Due to Exploit in Chrome Extension

A victim of cryptocurrency theft shared that a Chrome browser extension exploit resulted in the loss of most of their funds held on Binance. The trader voiced concerns over the exchange’s delayed response, which he believes allowed the theft of his assets to occur.

Chrome Extension Scam Leads to $1 Million Crypto Theft

Doomxbt, a cryptocurrency investor, detailed a distressing event in late February where he witnessed the depletion of his $70,000 Binance account in real-time, powerless to intervene. The investor received multiple notifications about orders being executed on his account and immediately reached out to Binance’s support team, yet his account balance was reduced to zero as he watched on helplessly.

The Binance user initially could not understand the breach considering he had two-factor authentication (2FA) and could log into his own account. Binance CEO Richard Teng stated that the exchange’s security team was actively investigating the cause of these incidents.

Despite the ongoing investigation, the episodes of theft continued, culminating in a Chinese trader reporting a massive $1 million loss. Intent on raising awareness within the cryptocurrency sphere, the trader divulged his encounter with noxious malware in a post on X.

CryptoNakamao, another affected Binance user, stated that on May 24, unknown transactions swept through his account. The autorized trading came to light when he checked the Bitcoin price, only to find his account displaying frenzied trading activity.

$1 million in crypto vanished, Chinese trader claims. Source: CryptoNakamao

Like Doomxbt, Nakamao contacted customer support without delay but attributes the response time to the success of the theft. Nakamao consequently took it upon himself to investigate the cause of the security breach.

Through his examination, it was discovered that the malicious Aggr Chrome extension had compromised his browser and cookie information.

The infiltrator was then able to seize control of the victim’s active Binance session, bypassing the need for a password and 2FA. In possession of the account, the attacker performed a series of trades involving low liquidity pairs such as QTUM/BTC, DASH/BTC, and PYR/BTC, creating spiked prices to profit.

Response from Binance on Allegations

Nakamao openly expressed his dismay with Binance’s support, expecting a more robust response. He also accused the exchange of allowing the attack to persist under the guise of an ongoing investigation.

Nakamao learned of the Chrome plugin from an influential figure that was purportedly paid to promote it. In his statements, he claimed that Binance was previously aware of the dubious plugin and had communicated with the influencer for additional intelligence on the hacker:

The plugin’s existence had long been on Binance’s radar. They had previously tasked the KOL to extract further information from the hacker. Tragically, while the plugin’s promotion escalated, my funds were siphoned. Binance had locked onto the cyber thief’s address weeks before and had even acquired knowledge of the plugin’s name and link through the KOL. However, by not timely suspending the plugin, to continue their hunt for the hacker without alarming them, I ended up becoming a victim.

Binance rebuffed the claims, stating that they only became aware of the Aggr plugin after Nakamao’s incident and could not connect it to Doomxbt’s case. Moreover, they denied knowledge of the influencer’s promotion activities and pledged closer scrutiny.

Community members had begun warning about these new exploit techniques a week prior.

We empathize with your plight, but based on current knowledge, your loss occurred due to a device compromise from installing a malicious plugin. Regrettably, it falls outside of our scope to compensate for an incident unrelated to Binance’s control.

In a three-day trading chart, Bitcoin stands at $69,142. Source: BTCUSDT on TradingView

Featured Image courtesy of Unsplash.com, Chart courtesy of TradingView.com