UPDATED: Several Binance users have reported losing millions of dollars due to account hacks in a distressing development for the cryptocurrency community. The news came to light when Chinese cryptocurrency journalist Colin Wu tweeted about a series of hacks that have affected users of the platform.
Wu's tweet highlighted the case of a Chinese user who lost $1 million after downloading a Google plugin promoted by Key Opinion Leaders (KOLs) called Aggr. The attack occurred on May 24 and was facilitated through cross-trading, a technique where hackers exploit hijacked cookies to bypass password and two-factor authentication (2FA) verification.
Another Binance user experienced a similar fate on March 1, suffering significant financial loss. The hackers used the same method of hijacked cookies to gain access to the victim's account, indicating a well-coordinated and persistent attack strategy.
Binance user questions platform
One of the victims, known as Nakamao, shared his harrowing experience on X, revealing the emotional and financial toll of the incident. He recounted that he became a victim of an undercover agent in the crypto circle, and $1 million in his Binance account was wiped out.
Nakamao’s investigation, conducted in collaboration with a security company, uncovered alarming details. He realized that he had fallen victim to an elaborate scheme involving an undercover agent in the community. Nakamao's account of the incident also raised serious concerns about Binance's response and security measures. He noted several critical points in the timeline of events.
For instance, Binance was reportedly aware of the hacker and the compromised plugin for weeks but did not take immediate action, allowing further financial losses. Despite recognizing the theft and abnormal cross-trading activities, Nakamao says that Binance failed to implement adequate risk controls, allowing hackers to manipulate accounts for over an hour.
According to the user, Binance did not promptly freeze the hacker’s account, missing the opportunity to prevent further unauthorized transactions. Nakamao further revealed that it took Binance more than a day to contact relevant platforms to freeze transactions, further delaying the mitigation of losses.
These revelations have sparked a wave of concern and criticism within the cryptocurrency community, with many users questioning the platform's ability to safeguard their assets.
Binance has responded to the user's post on X with new information regarding the incident.
According to Binance, the impacted user had assumed a separate incident from 1st March was due to the fraudulent “aggr.trade“ plugin based on a X post dated 28th May.
The investigation of that incident did not find any such plugin based on the data and material provided to the exchange at that time. Prior to the X post a community influencer had alerted Binance to the plugin on 27th May and we immediately implemented additional security measures.
Binance also noted that it’s in contact with the impacted user to provide assistance and support, and take this opportunity to remind all users to always stay vigilant.
The exchange encourages the community to report potential vulnerabilities through our Bug Bounty Program, which leverages and rewards crowdsourcing to help raise awareness of potential threats earlier. Furthermore, Binance always advises users to stay vigilant but unfortunately this is an incident where a user fell victim to a fraudulent plugin.
The incidents show the importance of heightened security measures and prompt action in the face of emerging threats.