JAKARTA - A Chinese trader lost 1 million US dollars (Rp. 16.2 billion) due to a fraud using a promotional Google Chrome guarantee called Aggr. This chip steals cookies from users, which hackers use to bypass password verification and two-factor authentication (2FA) and log into the victim's Binance account.
A trader known as username X Crypto Nakamao told of the bad experience of losing his life savings in unexpected fraud. On May 24, his Binance account started trading randomly, and he only realized this after opening the Binance app to check the price of Bitcoin.
By the time he sought help from Binance, the hacker had withdrawn all the funds.
Hackers Steal Cookie Data
The trader claims that hackers have accessed its web browser cookies, which they stole through a Chrome browser called Aggr. Traders installed the toilet to access leading merchant data, just to realize that the software is designed to steal user web browsing and cookies data.
Hackers then use the collected cookies to hijack active user sessions without passwords or authentication and perform multiple trades with leverage to raise the price of pairs of currencies with low liquidity and profit from them.
Although hackers cannot withdraw funds directly because of 2FA, they use cookies and active login sessions to generate profits through cross-trade.
SEE ALSO:
Binance Blamed
The trader claims that Binance did not implement essential security measures despite very high trading activity. "In addition, despite receiving timely complaints, the exchange failed to take action to stop this hack," he added.
In its investigation, traders found that Binance had known about the fraud scam for some time and was conducting an internal investigation. Despite knowing the hacker's address and the nature of thekun's fraud, traders claim Binance failed to tell traders or take any action to prevent this fraud.
"Binance is doing nothing despite knowing frequent theft and cross-trade. Hackers manipulate accounts for more than an hour, causing highly abnormal transactions within several currency pairs without risk control; Binance fails to freeze funds from a single account of a clear hacker on the platform on time," said Crypto Nakamao.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)