Security incidents are not uncommon in traditional finance, but they are even more common in the dark and anonymous world of the cryptocurrency community. Data shows that in just the past month of May, there were 37 typical security incidents in the crypto world, resulting in a total loss of $154 million due to hacker attacks, phishing scams, and Rug Pull, an increase of about 52.5% compared to April.
On June 3rd, two security incidents occurred again, both of which were associated with large exchanges, and the processes were quite bizarre. However, in the end, there were winners and losers in the stories.
A user named Nakamao posted a long article on Platform X, which spread like wildfire. In the article, Nakamao mentioned becoming a victim in the crypto world, losing $1 million in their Binance account. The story unfolded with hackers stealing all the funds from the account without having the Binance account password or two-factor authentication (2FA) instructions.
The theft method used in this case, known as wash trading, involves large trades in illiquid trading pairs, where the buyer takes over the seller’s altcoins. The hacker managed to steal funds from accounts associated with trading pairs like QTUM/BTC, DASH/BTC, PYR/BTC, ENA/USDC, and NEO/USDC without the users noticing until more than an hour later.
According to the security company’s response, the hacker manipulated user accounts by hijacking web cookies, taking advantage of stored terminal data. The incident involved a Chrome plugin called Aggr, which allowed malicious extensions to log into trading accounts, access user information, and conduct transactions.
In response to these incidents, the cryptocurrency community has engaged in extensive discussions about security measures on exchanges. It is crucial for users to enhance their security awareness, use separate devices for operations, and be cautious with plugins, especially when dealing with large assets.