Recently, the affected user, known as Nakamao, told the public about the hacking of his account on Binance. By downloading a Google plugin called Aggr, the trader suffered significant financial losses.
Amid growing customer concern, Binance co-founder Yi He explained that the loss of crypto assets was due to a hacked user's personal device, and not because of a "breach" in Binance's security systems. He stressed that the theft occurred after the hacker gained access to the client's account on the exchange through a malicious plugin.
Binance support promptly froze the compromised user account within one minute and 19 seconds of receiving the request. Even despite the prompt actions of the Binance team, the hacker has already managed to conduct some transactions using leverage, He regrets.
Nakamao claimed that Binance had long known about the malicious plugin, and reproached the exchange for not warning users about it. According to the injured trader, it was Binance's inaction that allowed the hacker to compromise the account. The management of Binance denied these accusations, saying that it was unaware of the threat posed by the plugin, and after its discovery, the exchange immediately took the necessary actions.
Yi He also urged customers to take measures to ensure their own security, especially when logging in and using plugins. He stressed that Binance cannot be held responsible for incidents that arose due to user negligence.
A few months ago, SlowMist analysts warned that the vulnerability of WordPress plugins could cause attacks on cryptocurrency wallets and theft of crypto assets.