- Binance co-founder Yi He denies responsibility for a user’s $1 million trading loss due to a hacked account, claiming the user’s computer was compromised by a malicious plugin.
- A trader named Nakamao alleges that a hacker executed leveraged trades on their Binance account without accessing the password or two-factor authentication, resulting in a loss of nearly $1 million.
- Binance states that while it sympathizes with the user’s experience, it cannot compensate for losses caused by compromised devices or malicious plugins installed by the user.
A Binance user recently had their account hacked, resulting in over $1 million in trading losses. Binance co-founder Yi He has denied responsibility, stating that the loss was due to the user’s own computer being compromised.
User’s Account Breached Due to Malicious Chrome Extension
The user, known as Nakamao, claims their account was breached due to the Google Chrome extension Aggr saving their Binance login cookie information. After the breach, the hacker allegedly manipulated Nakamao’s account by buying tokens with high liquidity and placing limit sell orders below market price on illiquid trading pairs.
Hacker Exploits Account to Make Risky Leveraged Bets
The hacker then made a series of leveraged bets against a counterparty. As the trades went the wrong way, this led to nearly $1 million in losses. Nakamao claims they received no security warnings from Binance during the unauthorized trading.
Binance Blames User’s Own Device Compromise
Binance’s customer service stated the hacker stole Nakamao’s login status through a malicious plugin and pretended to be the user to execute trades. While Binance froze the account within 1 minute 19 seconds of being notified, the damage was already done.
Binance claims they cannot compensate for losses when a user’s own device is compromised. Yi He warned users about the risks of using cookie-saving plugins instead of typing passwords.
User Disputes Binance’s Assessment
Nakamao disputes Binance’s explanation, claiming Binance knew about the malicious plugin long ago but continued to promote it. Nakamao alleges Binance tracked down the hacker’s address weeks ago but did nothing to warn users.
This incident highlights the risks of cryptocurrency account hacks and the need for users to practice proper cybersecurity. It also demonstrates the challenges exchanges face in balancing usability and security.
