
Cryptocurrency Holders Beware: Reports of Hacking via Google Chrome Extensions

Cryptocurrency theft is on the rise, with hackers exploiting Google Chrome extensions to hijack accounts without passwords or two-factor authentication codes.

A recent case involving a $1 million theft from a BINANCE user highlights the sophisticated methods employed by cybercriminals.

Discover the details of this incident, the response from BINANCE, and essential security measures to safeguard your cryptocurrency investments from similar threats. Stay informed and protect your assets in the volatile world of digital currencies.

Account Hijacking Leading to $1 Million Theft

A personal investor using BINANCE fell victim to an account hijacking incident, resulting in a theft of $1 million, after using a Google Chrome extension called Aggr.

The incident was reported by a Chinese trader with the X account handle "@CryptoNakamao" on June 3, 2024.

According to the trader, the perpetrator managed to hijack the BINANCE account without needing the account password or the two-factor authentication (2FA) code. The trader shared this information to prevent others from making the same mistake.

https://Twitter.com/CryptoNakamao/status/1797519128632381847

Overview of BINANCE Account Hijacking

Account Hijacking Using Chrome Extensions

This account hijacking was not a simple case of leaked login information. Instead, it involved accessing web browser cookie(*1) data through the Google Chrome extension Aggr, allowing unauthorized control of the BINANCE account.

(*1) Cookies: Information saved in your browser by the websites you visit, stored on your smartphone or computer.

Specifically, the malicious extension collected cookie information and used it to hijack the BINANCE account without needing the password or 2FA code.

Aggr, previously promoted by celebrities and Telegram channels, was designed to steal users’ web browsing data and cookies.

Despite having 2FA set up, as recommended in the cryptocurrency industry, the trader's account was compromised after installing this extension.

Unauthorized Transactions Post-Hijacking

Withdrawing assets from a BINANCE account requires several additional credentials, including an "email verification code" and a "2FA code."

The perpetrators bypassed this by trading low-liquidity cryptocurrencies from the victim's account while simultaneously trading the same cryptocurrencies from their own account.

Though complex, this method allowed attackers to create significant losses for the victim’s account while generating substantial profits for their own.

Criticism of BINANCE's Response

The trader contacted BINANCE customer service upon realizing the hijacking. However, it took over a day to freeze the hacker's funds, by which time the funds had already been transferred.

The trader also revealed that BINANCE had been aware of the fraudulent extension and had conducted internal investigations but failed to provide appropriate notifications or actions.

Despite pointing out the issues in BINANCE's response, the trader emphasized respect for the BINANCE team and stated there was no intent to malign them.

BINANCE's Explanation

BINANCE issued an official statement explaining that identifying suspicious accounts and freezing requests across multiple platforms takes time. They noted the need to sift through over 1,600 counterparties and more than 8,000 transactions to pinpoint suspicious activity.

BINANCE clarified that, due to the installation of a malicious extension by the trader, they could not offer compensation in this case. They advised users to:

  • Only use the official Binance app or a clean browser without extensions when accessing the BINANCE website.
  • Exit apps or browsers with financial data promptly after use to avoid online exposure.

Lessons from the Incident

This incident, involving a BINANCE user who installed the Aggr Chrome extension, highlights the ongoing threat of cryptocurrency theft through similar methods. Cryptocurrency holders using browser extensions should remain vigilant.

Many browser extensions, including wallet-related ones, are used in the cryptocurrency world, and further extensions similar to Aggr may emerge.

Users of other cryptocurrency exchanges, not just BINANCE, also face the risk of account hijacking through similar methods.

Numerous fraudulent apps and extensions targeting cryptocurrency theft are reported annually. Therefore, cryptocurrency holders should avoid installing unnecessary apps or extensions and periodically remove unused ones.
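
One way to carry out the periodic extension review recommended above (an added example, not code from BINANCE, the trader or the original article): the script reads extension manifest.json files and reports which ones declare the cookies permission together with host access that covers a sensitive site. It checks only the chrome.cookies API route, which the article does not confirm Aggr used; the extension names, manifests and the host www.exchange.example are constructed placeholders.

```python
import json

# Constructed sample manifests for illustration; these are not real extensions.
SAMPLE_MANIFESTS = {
    "chart-helper": '{"manifest_version": 3, "permissions": ["cookies", "storage"],'
                    ' "host_permissions": ["<all_urls>"]}',
    "price-ticker": '{"manifest_version": 2,'
                    ' "permissions": ["cookies", "*://*.exchange.example/*"]}',
    "notes": '{"manifest_version": 3, "permissions": ["cookies"],'
             ' "host_permissions": ["https://notes.example/*"]}',
    "theme-only": '{"manifest_version": 3, "permissions": ["storage"],'
                  ' "host_permissions": ["<all_urls>"]}',
}

def declared(manifest, *keys):
    """Merge string entries from several manifest lists (required and optional)."""
    return [p for k in keys for p in manifest.get(k, []) if isinstance(p, str)]

def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.site" matches site and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def exposed_hosts(manifest_text, sensitive_hosts):
    """Sensitive hosts whose cookies the manifest allows via chrome.cookies."""
    m = json.loads(manifest_text)
    perms = declared(m, "permissions", "optional_permissions")
    if "cookies" not in perms:
        return []
    # MV3 lists hosts in host_permissions; MV2 mixes them into permissions.
    patterns = declared(m, "host_permissions", "optional_host_permissions") + perms
    return sorted(h for h in sensitive_hosts
                  if any(pattern_covers(p, h) for p in patterns))

def audit(manifests, sensitive_hosts):
    """Map extension name -> exposed sensitive hosts, omitting those with no hit."""
    hits = {n: exposed_hosts(t, sensitive_hosts) for n, t in manifests.items()}
    return {n: h for n, h in hits.items() if h}

if __name__ == "__main__":
    for name, hosts in audit(SAMPLE_MANIFESTS, ["www.exchange.example"]).items():
        print(f"{name}: can read cookies for {', '.join(hosts)}")
```

To audit a real profile, pass the text of each manifest.json found in the Chrome profile's Extensions directory and the hostnames of the exchanges you log in to.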
