Binance User Loses $1M Worth Crypto By Cross-Trading

LUCKNOW (CoinChapter.com) — A crypto trader has revealed account takeover incident on Binance. The victim with username CryptoNakamao on X, lost $1 million in crypto assets after falling prey to a malicious Chrome browser extension dubbed “Aggr.”

How Hackers Cracked Open Binance Accounts

The rogue extension, which was promoted as a tool to access prominent trader data. However, this extension has a sinister core – it is designed to steal browser cookies from unsuspecting users. These cookies contain sensitive information. Hackers used these information to gain unauthorized access to accounts without the need for passwords.

One Chinese trader fell victim to this nefarious scheme and lost $1 million in cryptocurrency from their Binance account. On May 24, they noticed unusual trading activity on their account. Then he quickly realized that a hacker had gained access and was rapidly draining their funds.

The Cross-Trading Manipulation Technique

Even with 2FA enabled, the hackers found a way to profit from the stolen cookie data. They employed a sophisticated cross-trading technique, leveraging the stolen sessions to manipulate prices across multiple trading pairs on Binance. By inflating prices in low-liquidity pairs and taking advantage of the price disparities, the cybercriminals were able to siphon substantial profits from the victim’s account.

The hackers achieved this by buying tokens in high-liquidity pairs like Tether (USDT) and then placing inflated limit sell orders in low-liquidity pairs like Bitcoin (BTC) and USD Coin (USDC). They would then open leveraged positions and buy a large amount of the asset. He completed the cross-trade and made profit from the price manipulation.

Binance Under Fire — Exchange Accused of Negligence

CryptoNakamao claims that despite being aware of the “Aggr” plugin’s malicious nature and an ongoing internal investigation, Binance failed to take timely action to prevent the theft or inform traders about the potential threat. The trader alleges that Binance did not implement adequate security measures or freeze the hacker’s account. This allowed unauthorized transactions to continue for over an hour across multiple currency pairs without any risk control measures in place.

The trader expressed frustration, stating:

Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour, causing extremely abnormal transactions in multiple currency pairs without any risk control; Binance failed to freeze the funds of the obvious hacker’s single account on the platform on time.