Tomcat
A hacker gained control of a Chinese trader's Binance account without having the password and without 2FA confirmation. After a series of transactions, the attacker withdrew assets worth $1 million.
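I became the victim of a crypto-world "undercover agent", and $1 million in my Binance account went up in smoke.
Even now I am still completely dazed; this was almost all of my savings from the past few years.… pic.twitter.com/sSNUTXFZsc
— Nakamao (@CryptoNakamao) June 3, 2024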
The incident occurred on May 24. According to the investor, he did not receive any notifications from the security service while it was happening.
The experts involved determined that the hacker hijacked the user's session using cookies, through a malicious Chrome browser extension called AggrTrade. The open-source software provides aggregator services. The solution is actively promoted by many opinion leaders and some thematic Telegram channels, the trader noted.
On May 29, the team of the original AggrTrade platform warned about a fraudulent extension using its brand. According to them, the scam has targeted Bitget, Kraken, Binance and other exchanges since 2022. An active promotion campaign for the scam involving influencers began in March 2024.
Security Breach Alert: We've discovered a fraudulent Chrome extension using our brand AggrTrade. This scam has targeted exchanges like Bitget, Kraken, Binance, and others since 2022. In March 2024, a promo campaign on X & Telegram used crypto influencers to endorse it.
— AggrTradeApp (@AggrTradeApp) May 29, 2024
As a result of the incident, the investor had a number of complaints about the work of the exchange's support service. Binance specialists were extremely slow to respond to his requests, the user claims. He contacted the team while the hacker was still active in the account to prevent the withdrawal of funds, but it still happened.
It took Binance employees more than a day to contact the KuCoin and Bitcoin exchanges and Gate.io with a request to freeze the stolen assets, which by then turned out to be useless.
The user noted that in early March, there were rumors that at least one account on Binance was intercepted using a fraudulent plugin. Allegedly, the incident then caused a reaction from the exchange's CEO Richard Teng, who announced the launch of an investigation. Therefore, the investor believes that the platform team knew about the problem, but did nothing to solve it for a long time.
"The reason I invested a large amount of stablecoins on Binance is because of trust. However, when I was faced with risks, a number of actions of the platform left strange feelings," he wrote.
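A defender-side check for the scenario above, added here as an example and not part of the original post: it audits installed Chrome extension manifests for the access a cookie-stealing extension needs on exchange sites. The watch-list domains, the sample manifests and the function names are assumptions made for illustration.

```python
import json
from pathlib import Path

# Assumed watch-list: domains of exchanges the page names as targeted.
WATCHED = ["binance.com", "bitget.com", "kraken.com"]

def pattern_covers(pattern, domain):
    """True if a Chrome match pattern grants access to domain or a subdomain."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission name, not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if base == domain or base.endswith("." + domain):
        return True
    return wildcard and domain.endswith("." + base)

def audit_manifest(manifest):
    """Return (domain, reason) findings for one parsed manifest.json."""
    perms = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    hosts = manifest.get("host_permissions", []) + manifest.get("optional_host_permissions", [])
    hosts += [p for p in perms if isinstance(p, str)]  # MV2 lists hosts under permissions
    scripts = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    findings = []
    for domain in WATCHED:
        if "cookies" in perms and any(pattern_covers(p, domain) for p in hosts):
            findings.append((domain, "cookies API: can read session cookies, HttpOnly included"))
        if any(pattern_covers(p, domain) for p in scripts):
            findings.append((domain, "content script: runs inside the exchange page"))
    return findings

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a Chrome profile's Extensions folder."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        hits = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if hits:
            report[path.parent.parent.name] = hits
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_RISKY = {"manifest_version": 3, "name": "sample-aggregator",
                "permissions": ["cookies", "storage"],
                "host_permissions": ["https://*.binance.com/*", "https://www.kraken.com/*"]}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "sample-notes", "permissions": ["storage"],
                 "content_scripts": [{"matches": ["https://example.org/*"], "js": ["n.js"]}]}
```

A finding is a triage signal rather than proof of malice, since legitimate extensions also request these permissions; it identifies which installed extensions could take over a logged-in exchange session and therefore deserve review or removal.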
OKX user was robbed of $2 million using AI
According to journalist Colin Wu, an OKX trader from Japan has lost more than $2 million in assets.
An OKX user disclosed today that hackers purchased his personal information and used AI to create fake videos. Hackers used these to change the victim's OKX passwords and even 2FA. More than $2 million US were stolen. Be wary of Deepfakes and personal data leaks.…
— Wu Blockchain (@WuBlockchain) June 3, 2024
The attackers acquired his leaked personal data on Telegram. Then they got into the exchange account through the investor's email address, claiming a forgotten password.
Hackers also used an AI-synthesized video to change the linked mobile phone number. Thus, they were able to confirm their actions through Google Authenticator.
Within a day, the trader's funds were withdrawn from his account on the exchange.