A Chinese trader who trades under the pseudonym CryptoNakamao was defrauded of $1 million after falling for a hacking scam that involved a fake Google Chrome plugin called Aggr. This scam shows that there are critical flaws in the security of online trading and questions the liability of trading platforms to customers.
On May 24, CryptoNakamao realized the strange trading activities in his Binance account. At first, he was not sure what had happened but he later discovered that through the Aggr plugin hackers had stolen his web browser cookie data. This plugin, which was advertised as a program to display information about popular traders, was a virus that aimed at capturing users’ web activity and cookies.
From the stolen cookies, the hackers were able to overcome the basic security measures of passwords and 2 Factor Authentication to take over users’ sessions. They engaged in multiple leveraged trades in which they used low liquidity pairs to control the price and make profits from the trades.
Although they could not withdraw the funds directly because of the 2 Factor Authentication, the hacker remained active through the compromised sessions and performed cross-trading operations. They used high liquidity tokens and posted sell orders at artificially high prices in pairs with low liquidity, and then they earned good money this way.
CryptoNakamao accuses Binance of not having implemented basic security features and of ignoring his complaints. The trader stated that Binance had knowledge of the fraudulent plugin and was conducting an internal investigation but failed to notify the users or prevent it. He accused Binance of not freezing the hacker’s account when they saw that there was unusual trading activity and transactions. This failure to act promptly enabled the hackers to wreak havoc on the platform for more than an hour and cost the company a lot of money.
The $1 million scam highlights critical security flaws. This incident has raised concerns over the liability of trading platforms like Binance in protecting users. The breach has undermined trust in online trading, potentially deterring new investors and prompting existing ones to reevaluate their security measures. Binance faces scrutiny for its delayed response and lack of proactive measures, which may damage its reputation and lead to tighter regulations. Overall, this Crypto scam emphasizes the urgent need for enhanced security protocols to safeguard user assets in the crypto market.
As per CoinGabbar, this incident underscores the importance of robust security measures and prompt action by trading platforms to protect their users. While the trader's installation of a malicious plugin initiated the breach, the responsibility also lies with Binance for not effectively monitoring and responding to suspicious activities. This event serves as a cautionary tale for traders to be vigilant about the tools they use and for platforms to enhance their security protocols to prevent such scams in the future.