Binance Co-Founder Denies Responsibility for $1M Trading Loss in Hacked Account; the alleged breach occurred through the Google Chrome extension Aggr, which saves cookie login information, raising concerns about third-party security vulnerabilities
Yi He, co-founder of the cryptocurrency exchange Binance, has refuted allegations that a $1 million loss of cryptocurrency from a single user account resulted from a platform security compromise. On June 3, the co-founder of Binance penned:
“Look closely; this user’s account was breached because their own computer was hacked; they are a lost cause. After the hack, the hacker could not withdraw funds, so the hacker sold the victim’s coins, which led to trading losses.”
Nakamao, a cryptocurrency trader, claimed the same day that their entire account balance had been lost via “counter-trading” without obtaining the password or two-factor authentication instructions for his Binance account. Nakamao continued, “The security firm informed me that the hacker was controlling my account by holding my web cookies hostage.”
Nakamao elaborated that the hacker “purchased the corresponding tokens in the USDT trading pair, which exhibited ample liquidity, and executed limit sell orders surpassing the market price in the BTC, USDC, and other trading pairs characterized by limited liquidity.”
Following that, the hacker executed a substantial volume of leveraged wagers against a counterparty, resulting in losses of approximately $1 million due to the erroneous execution of the transactions. “During the whole process, I did not receive any security reminders from Binance,” reports Nakamao.
Nakamao claims that unauthorized leveraged trades in his account led to wild upswings and downswings in the price of some altcoins
During the incident, Binance’s customer service asserts that “a hacker stole your account login status via a plug-in and impersonated you to conduct operations and transactions.” The exchange reportedly processed Nakamo’s request to suspend his account “1 minute and 19 seconds” after receiving it. Nonetheless, the hacker had completed several leveraged transactions in the compromised account by that time:
We sympathize with your experience, but according to the information we have learned so far, the reason for your asset loss is that your related devices were manipulated because of the installation of malicious plug-ins. Unfortunately, we have no way to compensate for such cases that have nothing to do with Binance
Nakamao appeared to disagree with the evaluation, subsequently asserting:
“It turns out that Binance knew about the existence of this plugin a long time ago, and even encouraged the KOL to get more information from the hacker. My account was stolen when the plugin was further promoted. Binance tracked down the hacker’s address at least 3 or 4 weeks ago, and also obtained the name and link of the plugin from the KOL.”
The Binance Yi Subsequently, he cautioned users against accessing accounts via active cookie extensions to avoid the minor inconvenience of re-entering their passwords for each login: “Binance is unable to provide compensation to users if their login devices are compromised,” she explained.
Former Chinese television anchor Yi He is one of two women leading the largest cryptocurrency exchanges in the world; the other is Gracy Chen, the CEO of Bitget. He declared in April that the sentencing of her spouse, former CEO and co-founder of Binance Changpeng Zhao, for money laundering offenses in the United States resulted in the “most favorable outcome.”