- Binance has distanced itself from a user’s claim that it’s responsible for his account being hacked
- The user claimed that he lost roughly $1 million in a counter-trade operation orchestrated by a hacker
- The hacker accessed the user’s Binance account by hijacking his active web session
The Binance crypto exchange has refuted claims that it’s responsible for losses incurred by a user after his account was hacked. The user disclosed that he lost roughly $1 million to a hacker who took control of his live web sessions when accessing his account. Binance said that the user bears the burden because the hacker gained access to his account after the Binance user downloaded a malicious Google Chrome plugin, a sign that hackers are going the extra mile to steal funds.
A Malicious Google Chrome Extension
According to Binance co-founder Yi He, the exchange played its part by making it impossible for the hacker to withdraw the funds directly from the user’s account.
The crypto exchange user disclosed that the hacker used the counter-trade method to steal the funds. Explaining how this was possible, he said that he downloaded a Google Chrome extension to enable him to access premium trader data.
The extension, however, installed a malicious program that allowed the hacker to steal his browsing history and cookie data, enabling them to control active browsing sessions, including activities on the exchange, without going through the authentication process.
Since the hacker couldn’t withdraw funds directly from the user’s account, he used the funds in the account to boost the liquidity of low-volume coins and then traded the coins from another account.
The Binance user wasn’t satisfied with the exchange’s explanation, saying that the exchange had been aware of this trick and the compromised Google Chrome extension for a while, but hasn’t warned the community about it.
No Compensation
The exchange added that it would not compensate the user since the loss “has nothing to do with Binance.”
Hijacking active web sessions by exploiting browser information adds to more ways malicious actors are using to steal funds. Other popular ways include posing as legit DeFi protocol developers, job recruiters and forming romantic relationships.
Although the user won’t be compensated, the incident helps unearth more ways hackers can siphon funds from user accounts.
