A user has lost $1 million worth of cryptocurrency stored in a Binance account after a hacker managed to take control of the account using website cookies.
The user, identified on X (formerly Twitter) as @CryptoNakamao, revealed that he had lost his life savings when an attacker managed to hijack his website's cookies to take control of the Binance account where he stored his funds, without needing to obtain the password or two-factor authentication (2FA).
According to the user, the security breach originated with the Aggr plugin, which allowed the attacker to divert all the funds from his Binance account through counter-operations.
@CryptoNakamao claimed that Binance was aware of the malicious plugin and failed to warn users about the risk of using it. He also stated that the platform had tracked the attacker's address at least 1 month ago, after its current CEO, Richard Teng, reported that the security team had started investigations to resolve the theft of user funds that was reported on March 1, and which was related to this very plugin.
“Binance knew about the issues with the hacker and the plugin, but did nothing or took precautions for several weeks, allowing the promotion to continue, resulting in further financial losses.”, said the user, who for years was loyal to the exchange platform.
Criticism of Binance customer service
On the other hand, the user assured that he did not notice the unusual activity of his Binance account, nor the theft of his cryptocurrency funds, until he decided to access his account to check the bitcoin price.
“I didn’t notice these trades until I regularly opened Binance to check the BTC price an hour and a half later… During the entire process, I didn’t receive any security alerts from Binance”, he commented in his lengthy tweet.
Upon noticing unusual transactions occurring on his Binance account, the user attempted to contact the platform's customer support, stating that he received a slow response from the platform, resulting in enough time for the attacker to steal all of his funds.
@CryptoNakamao noted that the attacker was running several trading operations for a few hours, purchasing tokens on the liquidity-rich USDT trading pair, then placing limit sell orders exceeding the market price on the liquidity-poor QTUM/BTC, DASH/BTC, PYR/BTC, and NEO/USDC trading pairs, among others. The attacker used his account to open leveraged trades, purchase large amounts of tokens, and complete the counter trade.
“The response I got from Binance was that the hacker safely withdrew all his funds from Binance,” he said.
The user claimed that the day after the hack, he received an invitation from a spot market maker due to the high trading volume on his account. However, despite extremely abnormal transactions on multiple trading pairs, Binance failed to apply any risk control measures, freeze his account, or block the funds in time, @CryptoNakamao commented.
A late response
Binance took a day to notify other exchanges about the illegally transferred cryptocurrency funds from @CryptoNakamao's account, the user said, even as he reached out to someone known at the exchange to try to expedite the security response.
Ultimately, the user decided to contact a cybersecurity firm in an attempt to trace and possibly freeze the stolen funds.
Advised cryptocurrency users Do not use Aggr or Google plugins at will, as a recommendation to keep your crypto assets safe, since, although there are not many documented cases in which a plugin has caused a theft of such magnitude, he indicated that they can be as harmful as downloading a fake application with malicious code.
Bit2Me, focused on user security
Following recent reports and complaints against Binance's customer service, it is important to remember Bit2Me's commitment to users, to offer exclusive and quality support available 24/7, allowing people to operate their assets with peace of mind on the platform and with the assurance that they will be attended to at all times.
The Spanish company, certified by the Bank of Spain, has been recognized as 'The Best Cryptocurrency Exchange' at the Rankia Portugal Awards 2024. In addition, it has the triple compliance certification granted by the EQA, Criminal Compliance, Anti-Bribery and Compliance Management System, reinforcing the company's position as a leader in regulatory compliance within the cryptoassets field. Bit2Me has also obtained the ISO/IEC 27001 and ISO 22301 certifications, in its effort to maintain high security standards for users.
