Crypto Opinions & News Malicious Chrome extension steals crypto from Binance accounts

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.


Thread author
Staff Member
Jan 8, 2011
A Chinese trader lost $1 million to a hacking scam using a promotional Google Chrome plugin called Aggr. The promotional plugin steals cookies from users, which hackers use to bypass password and two-factor authentication (2FA) verification and log into the victim’s Binance account.

A trader took to X to recount the ordeal of losing their life savings to an unexpected scam. The trader, who goes by the X username CryptoNakamao, said that on May 24, their Binance account started trading randomly, and they only realized this after opening the Binance app to check the Bitcoin price.

By the time he sought assistance from Binance, the hacker had already withdrawn all funds.

Hacker stole cookie data to cross-trade on Binance​

The trader claimed that the hackers had gained access to his web browser cookie data, which they had stolen via a Chrome plugin called Aggr. The trader installed the plugin to access prominent trader data only to realize malicious software was created to steal users’ web browsing data and cookies.

The hacker then used the collected cookies to hijack active user sessions without a password or authentication and carried out multiple leveraged trades to spike the price of low liquidity pairs and profit from them.

The trader explained that even though the hacker couldn’t withdraw funds directly due to 2FA, they used the cookies and active login sessions to make profits through cross-trading.

Response: Binance co-founder denies responsibility for $1M trading loss in hacked account
Look closely; this user’s account was breached because their own computer was hacked; they are a lost cause. After the hack, the hacker could not withdraw funds, so the hacker sold the victim’s coins, which led to trading losses.

Our security team has recently detected multiple security incidents where hackers exploited browser extensions bundled with malicious code to obtain users' exchange account login credentials and operational permissions, ultimately resulting in the loss of users' assets.
  • Like
Reactions: Zero Knowledge

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.