A Chinese trader lost $1 million to a hacking scam that used a promotional Google Chrome plugin called Aggr. The plugin steals users' cookies, which hackers then use to bypass password and two-factor authentication (2FA) verification and log into the victim’s Binance account.
The trader took to X to recount the ordeal of losing their life savings to an unexpected scam. The trader, who goes by the X username CryptoNakamao, said that on May 24 their Binance account started trading randomly, and that they only realized this after opening the Binance app to check the Bitcoin price.
By the time he sought assistance from Binance, the hacker had already withdrawn all funds.
Hacker stole cookie data to cross-trade on Binance
The trader claimed that the hackers had gained access to his web browser cookie data, which they had stolen via a Chrome plugin called Aggr. The trader installed the plugin to access data on prominent traders, only to realize that it was malicious software created to steal users’ web browsing data and cookies.
The hacker then used the collected cookies to hijack active user sessions without needing a password or authentication, and carried out multiple leveraged trades to spike the price of low-liquidity pairs and profit from them.
The trader explained that even though the hacker couldn’t withdraw funds directly due to 2FA, they used the cookies and active login sessions to make profits through cross-trading.
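The capability described above, an extension reading an exchange's session cookies, is visible in the extension's manifest before it is ever installed. The following is an added example, not code from the article or from Binance: a Python check that flags manifests combining the `cookies` permission with host access to a watched domain. The sample manifests and the watched domain `www.binance.com` are constructed for illustration.

```python
# Added example: audit Chrome extension manifests for cookie-reading reach.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")

def covers(pattern, domain):
    """True if a Chrome match pattern grants host access to `domain`."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    if host.startswith("*."):          # wildcard covers the base and all subdomains
        base = host[2:]
        return domain == base or domain.endswith("." + base)
    return host == domain

def audit_manifest(manifest, watched_domains):
    """Return (domain, pattern) pairs where the extension can read that domain's cookies.

    The chrome.cookies API needs both the "cookies" permission and host access
    to the cookie's domain, so both must be present for a finding.
    """
    api, hosts = set(), []
    for key in KEYS:                   # MV2 mixes host patterns into "permissions"
        for entry in manifest.get(key, []):
            if not isinstance(entry, str):
                continue
            if entry == "<all_urls>" or "://" in entry:
                hosts.append(entry)
            else:
                api.add(entry)
    if "cookies" not in api:
        return []
    return [(d, p) for d in watched_domains for p in hosts if covers(p, d)]

# Constructed sample manifests (not taken from any real extension).
SUSPECT_MV3 = {"manifest_version": 3, "name": "constructed-trader-data-helper",
               "permissions": ["cookies", "storage"],
               "host_permissions": ["<all_urls>"]}
SUSPECT_MV2 = {"manifest_version": 2, "name": "constructed-mv2-helper",
               "permissions": ["cookies", "*://*.binance.com/*"]}
BENIGN = {"manifest_version": 3, "name": "constructed-notes",
          "permissions": ["storage"],
          "host_permissions": ["https://*.example.org/*"]}

if __name__ == "__main__":
    for m in (SUSPECT_MV3, SUSPECT_MV2, BENIGN):
        print(m["name"], audit_manifest(m, ["www.binance.com"]))
```

A finding means the extension has the capability, not that it is malicious, so it is a prompt for review rather than a verdict. The check does not cover content scripts that read non-HttpOnly cookies through `document.cookie`.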
Response: Binance co-founder denies responsibility for $1M trading loss in hacked account
Look closely; this user’s account was breached because their own computer was hacked; they are a lost cause. After the hack, the hacker could not withdraw funds, so the hacker sold the victim’s coins, which led to trading losses.
Our security team has recently detected multiple security incidents where hackers exploited browser extensions bundled with malicious code to obtain users' exchange account login credentials and operational permissions, ultimately resulting in the loss of users' assets.