Hackers steal a million dollars from Binance user
One million dollars were withdrawn from a user’s Binance account, managing to evade standard security measures established on the exchange, such as passwords and two-factor authentication (2FA).
According to the story told in X by the platform user identified as Nakamao, hackers stole your funds, managing to evade all verification methods used. A situation during which “I did not receive any security reminder from Binance,” as the Chinese trader explains.
Nakamao assures that upon realizing that they were operating from his account, without his authorization, contacted the platform’s security team, but the answer was not satisfactory.
After realizing that my account had been stolen, I contacted customer service immediately, but during the process, the hacker continued to operate my account. It stands to reason that the hacker’s funds should still remain on the platform, but the response I received from Binance was that the hacker safely withdrew all of his funds from Binance.
Nakamao, Binance user.
In his story Nakamao complains that Binance was late more than a day to notify the Kucoin and Gate exchanges to freeze the money stolen and transferred by the hackers. In that sense, it does not indicate Which were cryptocurrencies involved in the robbery.
«I am a loyal Binance user and have been trading for many years. This really disappointed me. “Is this really trying to help users recover their funds?,” she expressed. In this regard, CriptoNoticias requested comments to the Binance team and is awaiting a response.
The investor adds that, through a cybersecurity team that he consulted, he monitored the movement of the funds extracted from his account and that is how he learned that the theft had to do with a Fake version of Chrome plugin identified as Aggr. the same works by manipulating data of the cookies stored by the websites that users visit on the Internet.
According to reports from cybersecurity experts, the malicious plugin was first discovered last March by Binance trader doomxbt, after a loss of USD 70,000 due to suspicious activity. The fake app collects all cookies, allowing hackers to reconstruct passwords and keys, especially for Binance accounts.
Therefore, the recommendation to users is avoid downloading and using unverified third-party plugins, especially those promoted by influential figures (known as key opinion leaders or KOLs). This, taking into account that hackers are using social networks to encourage downloads of malicious software.
This is a situation that, in Nakamao’s opinion, is known to the exchange. Hence, in his post he extends his complaint about Binance’s lack of information about the malicious plugin and about the recommendations made by the KOLs.
This case was taken into account by the Binance team to make recommendations (although the user is not directly cited). In a security announcement published on X this June 3, the platform reiterates the advice of do not install browser pluginsas a measure to safeguard the accounts.
We recommend all users take the following security measures: Only install the official Binance app or use a clean web browser, without any third-party plugins, to access the official Binance website. Please log out of the Binance website after using it.
Binance message on X.
As this medium has reported in several of its publications, among the security measures recommended to avoid these thefts is also the do not use exchanges to store cryptocurrencies, especially if they are amounts like the ones this user saved on the platform.
