Two security incidents on June 3 were related to large exchanges. In one of them, a user named Nakamao posted a long article on the X platform, claiming that he had become a victim of the cryptocurrency circle and that $1 million in his Binance account had been stolen. The user claimed that on May 24 all of his communication devices were with him, yet the hacker stole all the funds in his account through a knock-on transaction without obtaining the Binance account password or the secondary verification codes.
The hacker stole the user's funds by using the knock-on trading method. In this model, the hacker conducts large transactions in trading pairs with scarce liquidity: the victim's account buys up the sell orders placed by the hacker's account, so the hacker obtains actual funds or stablecoins while the buyer takes over the altcoins in the hands of the seller. This method is not uncommon in exchanges, and similar large-scale knock-on trading incidents have occurred at FTX and Binance in the past.
Hackers hijacked web page cookies to manipulate user accounts and used terminal data saved in the user's browser. This means that the user's account was manipulated by the hacker to conduct transactions, but the user himself did not notice the abnormality until he checked the account information afterwards.
In the first case, the user contacted the exchange and its co-founder after the theft, but the exchange took a day to notify other exchanges, resulting in the hacker's funds disappearing. During the entire process, the user did not receive any security reminders. Even the day after the hacker stole the funds, the exchange sent an invitation email to the user to become a spot market maker, which is ironic.
After reviewing the situation, it was found that the user had downloaded a Chrome plug-in called Aggr to view market data. The plug-in has extensive permissions, including access to browser storage, operation of network requests, etc., which may be used by hackers to attack. After discovering the problem with the plug-in, the user contacted the KOL who promoted the plug-in, but unexpectedly, the exchange had already known about the plug-in problem, but did not notify the exchange to suspend its use in time, causing the user to become the next victim.
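The permission set described above (cookie access plus the ability to act on network requests) can be checked before an extension is trusted. The following is an added example, not code from the article or from any exchange: it audits a parsed `manifest.json` for that combination. The sample manifest and the `exchange.example` domain are constructed, and the permission names are those of the Chrome extension manifest format.

```python
import json

# Chrome API permissions that expose session state or network traffic.
RISKY_API = {
    "cookies": "read/write cookies for permitted hosts",
    "webRequest": "observe network requests",
    "webRequestBlocking": "modify or block network requests (MV2)",
    "declarativeNetRequest": "rewrite network requests (MV3)",
    "scripting": "inject scripts into pages",
    "tabs": "see URLs of open tabs",
    "debugger": "attach the DevTools protocol to any tab",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest, sensitive_domains=()):
    """Return a list of findings for one parsed manifest.json."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    hosts = list(manifest.get("host_permissions", []))  # Manifest V3
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]  # V2 style
    for cs in manifest.get("content_scripts", []):
        hosts += cs.get("matches", [])
    findings = [f"api:{p} ({RISKY_API[p]})" for p in perms if p in RISKY_API]
    for h in sorted(set(hosts)):
        if h in BROAD_HOSTS:
            findings.append(f"host:{h} (all sites)")
        elif any(d in h for d in sensitive_domains):
            findings.append(f"host:{h} (sensitive site)")
    # Cookie access plus a matching host means logged-in sessions are readable.
    if "cookies" in perms and any(f.startswith("host:") for f in findings):
        findings.append("HIGH: can read session cookies of matched sites")
    return findings


# Constructed sample manifest (not the real extension's manifest).
SAMPLE = json.loads("""
{
  "manifest_version": 3,
  "name": "market-data-viewer (constructed)",
  "permissions": ["storage", "cookies", "webRequest", "tabs"],
  "host_permissions": ["<all_urls>"]
}
""")

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE, sensitive_domains=("exchange.example",)):
        print(line)
```

An extension that trips the HIGH finding is best kept out of any browser profile that holds a logged-in exchange session.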
The exchange’s response to the incident has attracted market attention and discussion. In addition to the official account’s recap that the cause was a hacker attack, the exchange also stated in a WeChat group that it was not its responsibility for the user’s computer being hacked, and that it could not compensate the user for the losses incurred as a result.
Nakamao obviously cannot accept Binance's operation, believing that Binance has failed to take risk control measures, and that the KOL has clearly confirmed that he mentioned the plug-in to the Binance team, and that Binance is also suspected of not reporting it. As public opinion continues to ferment, Binance also responded again that it will apply for a reward as feedback for users reporting malicious plug-ins.
I thought the matter had come to an end, but interestingly, on June 5, the incident took a turn. Nakamao once again apologized to Binance on the X platform, saying that there was a gap in information with Binance and that he had made subjective assumptions. Binance was actually not aware of the plug-in. Binance first learned about the aggr.trade website on May 12, not in March as mentioned earlier. In addition, the KOL was not an undercover agent of Binance. The KOL communicated with Binance on account issues, not plug-in issues.
Regardless of whether these remarks are true or false, the 180-degree turn in attitude, from disappointment to public apology, shows that Binance must pay compensation to him, but the specific amount of compensation is unknown.
On June 3, both OKX and Binance were affected by security incidents. An OKX user claimed that his account was stolen by AI face-changing, resulting in the theft of $2 million. The incident occurred in early May. It is said that the hacker obtained the user's email address, clicked "Forgot password", and constructed a fake ID card and an AI face-changing video, bypassing the firewall and successfully transferring all assets. Although the synthetic video may have been relatively crude, it was still able to break through OKX's risk control system.
The crypto community has widely discussed these two incidents. Some people believe that although self-custodial wallets can achieve absolute control over assets, exchanges are safer than such wallets because they can provide communication channels and intervene in investigations. However, some people emphasize the urgency of security improvements in exchanges, including adding password lock functions, 2FA verification before transactions, and re-verification after IP changes. He Yi, the founder of Binance, also responded to this, saying that the verification frequency will be increased to improve security.
From these two incidents, we can see that big brothers need to strengthen their own security awareness, and try to use completely independent devices for operation under the premise of dispersing assets. It is recommended to use decentralized authentication, avoid setting password-free and live authentication, use plug-ins with caution, and use hardware wallets for large assets. It is difficult to obtain subsequent compensation for the theft of encrypted assets, and it is even difficult to file a case.
Similar cases are not uncommon. In a report, the victim, Mr. Zhu, cooperated with a big boss named "Cheng Qiqi" who claimed to have earned tens of millions of yuan by speculating in cryptocurrencies, but in the end the victim lost all his money. It is difficult to file a case in this case because all operations are personal behaviors and there is no obvious fraud or coercion. The police and the media can only remind the public that virtual currency transactions are high-risk and need to be vigilant.
To sum up, users should protect themselves and be vigilant about their trading partners, especially when it comes to trading collaborations involving high-value assets.
No matter what kind of transaction you are involved in, security is always more important than efficiency or profitability. Even in the crypto world, where high profits and freedom are exchanged for some security sacrifices, security is still crucial. This may be one of the reasons why the crypto world is difficult to get rid of centralization.
It is human nature that everyone wants someone to cover for them. Even if they make a lot of money, they are not willing to make wedding clothes for others.