
Hackers Use Malicious Chrome Extension to Drain Binance Accounts

Cryptocurrency traders are facing a new threat – hackers exploiting a malicious Google Chrome extension called “Aggr” to gain unauthorized access to their Binance accounts and funds.


How the Hack Works

  1. Users are tricked into installing the Aggr extension, disguised as a tool to access data from popular traders.
  2. The extension is actually malware that steals the victim's browser cookie data.
  3. Because the stolen cookies carry the victim's already-authenticated session, hackers can bypass password and two-factor authentication (2FA) to log directly into the user’s Binance account.
  4. Once in the account, hackers employ a “cross-trading” scheme to drain the funds.

A $1 Million Theft

One Chinese trader, going by “CryptoNakamao” on X (Twitter), recently lost over $1 million in life savings to this Aggr extension hack.

On May 24th, CryptoNakamao’s Binance account suddenly started making random trades without their approval. By the time they contacted Binance support, the hackers had already withdrawn all funds.

CryptoNakamao explained that the hackers used the stolen cookie data to maintain an active login session, circumventing password and 2FA requirements.

The Cross-Trading Scheme

Here’s how the cross-trading theft works:

  • Hackers buy tokens with abundant liquidity, like Tether (USDT) pairs
  • They place drastically overpriced sell orders for the same tokens in low-liquidity pairs like BTC and USDC
  • Leveraged positions are then opened to buy up the overpriced orders
  • This artificially inflates the token price across the low-liquidity pairs
  • Hackers profit by selling the tokens at inflated rates

Despite abnormal trading activity, CryptoNakamao claims Binance failed to implement security measures or freeze the hackers’ funds promptly.

Victim Blames Binance

CryptoNakamao alleges that Binance was already aware of the fraudulent Aggr extension and investigating it, but did not adequately warn users:

“Binance did nothing even though it knew of the theft and frequent cross-trading. Hackers manipulated accounts for over an hour…without any risk control; Binance failed to freeze the funds of the obvious hacker’s account on time.”

Binance has not publicly responded to the allegations at this time.

Protecting Your Funds

To avoid falling victim to attacks like this:

  • Never install unverified browser extensions, especially those claiming trading advantages
  • Use unique passwords and 2FA for all exchange accounts
  • Monitor accounts closely for any unauthorized activity
  • Report suspicious activity to exchanges immediately
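
To vet extensions before or after installing them, the added example below (not from the original article or from Binance) reads extension manifests and reports which ones could read a site's cookies through the `chrome.cookies` API. That API needs the `cookies` permission plus host access to the site. The article does not say which route Aggr used, so this check is an assumption, and the manifests and the host name `www.binance.com` are constructed sample input.

```python
# Added example: flag extension manifests able to read a site's cookies.

def host_pattern_matches(pattern, host):
    """True if a Chrome match pattern covers HTTPS pages on `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False          # API permission name (e.g. "cookies"), not a host
    scheme, rest = pattern.split("://", 1)
    if scheme not in ("*", "https"):
        return False          # simplification: only HTTPS-capable patterns count
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def cookie_access(manifest, host):
    """Return 'granted', 'optional' or 'none' for chrome.cookies access to host."""
    # Manifest V2 lists hosts in "permissions"; V3 moves them to "host_permissions".
    required = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    optional = (manifest.get("optional_permissions", [])
                + manifest.get("optional_host_permissions", []))
    def covers(perms):
        names = [p for p in perms if isinstance(p, str)]
        return "cookies" in names and any(host_pattern_matches(p, host) for p in names)
    if covers(required):
        return "granted"      # available as soon as the extension is installed
    if covers(required + optional):
        return "optional"     # obtainable later through a runtime permission request
    return "none"

def audit(manifests, host):
    """Map extension name -> access level, skipping extensions with no access."""
    levels = {m.get("name", "?"): cookie_access(m, host) for m in manifests}
    return {name: lvl for name, lvl in levels.items() if lvl != "none"}

SAMPLE = [  # constructed manifests, not taken from any real extension
    {"name": "mv3-site-scoped", "permissions": ["cookies", "storage"],
     "host_permissions": ["https://*.binance.com/*"]},
    {"name": "mv2-all-urls", "permissions": ["cookies", "<all_urls>"]},
    {"name": "optional-cookies", "permissions": ["storage"],
     "optional_permissions": ["cookies"], "host_permissions": ["*://*/*"]},
    {"name": "other-site", "permissions": ["cookies"],
     "host_permissions": ["https://example.org/*"]},
]

if __name__ == "__main__":
    print(audit(SAMPLE, "www.binance.com"))
```

An extension that reports `granted` or `optional` is not necessarily malicious, but it holds the access a cookie-stealing extension needs, so it deserves the closest scrutiny.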

The Aggr extension hack highlights how malicious apps and code can be disguised as helpful trading tools to steal data and funds. Staying vigilant is critical for crypto traders.

June 5, 2024 at 02:00 am

Updated June 5, 2024 at 02:00 am

Disclaimer

Remember, investing in cryptocurrencies involves risks, and it’s important to conduct thorough research and seek professional advice before making any financial decisions. (Please keep in mind that this post is solely for informative purposes and should not be construed as financial or investment advice.)

FAQ

The Aggr extension tricks users into installing it by posing as a tool for accessing data from popular traders. Once installed, it steals browser cookie data to bypass password and 2FA, allowing hackers to log directly into the user's Binance account and employ a cross-trading scheme to drain funds.

Hackers buy tokens with high liquidity and place overpriced sell orders for the same tokens in low-liquidity pairs. They then open leveraged positions to buy up the overpriced orders, artificially inflating the token price, and profit by selling at the inflated rates.

If you suspect your account has been hacked, contact Binance support immediately, change your account passwords, enable 2FA if not already done, and monitor your account for any further unauthorized activity.
