Yi He, co-founder of Binance, has denied claims that a security breach on the platform led to a user losing $1 million in cryptocurrency. The loss was allegedly due to a compromise via the Google Chrome extension Aggr, which saves login information from cookies.
In a statement on June 3, Yi He clarified:
“Examine the situation closely; this user’s account was breached because their own computer was hacked. After the hack, the hacker couldn’t withdraw funds, so they sold the victim’s coins, resulting in trading losses.”
On the same day, a crypto trader named Nakamao alleged that their entire account balance was lost through “counter-trading,” without the hacker obtaining their Binance account password or 2FA instructions. Nakamao explained that the security company revealed that the hacker was manipulating the account by controlling their web cookies. After the breach, the hacker purchased tokens in the USDT trading pair with high liquidity and placed limit sell orders above market prices in BTC, USDC, and other pairs with lower liquidity.
The hacker then placed large leveraged bets against a counterparty, resulting in nearly $1 million in losses when the trades went awry. “Throughout the incident, I did not receive any security alerts from Binance,” Nakamao claimed.
Binance customer service responded by stating that a “hacker stole your account login status through a plug-in and pretended to be you to perform operations and transactions” during the incident. Binance said it acted to freeze Nakamao’s account within “1 minute and 19 seconds” of receiving the request. However, by that time, the hacker had already completed several leveraged trades in the compromised account:
“We sympathize with your situation, but based on the information we have, the loss of your assets occurred because your devices were compromised by malicious plug-ins. Unfortunately, we cannot compensate for cases unrelated to Binance.”
Nakamao disputed this explanation, alleging that Binance had known about the risky plugin for a long time and had encouraged users to gather more information. Nakamao claimed that their account was hacked when the plugin was being promoted, and that Binance had tracked down the hacker‘s address weeks ago and had obtained details about the plugin.
Yi He warned users about the dangers of logging into accounts with active cookie-saving plugins, emphasizing that “Binance cannot compensate users when their own devices are compromised.”
Yi He, a former Chinese TV host, is one of two women leading major crypto exchanges, the other being Gracy Chen, CEO of Bitget. In April, He commented that her spouse, Binance co-founder and former CEO Changpeng Zhao, received the “most optimal outcome” in his U.S. sentencing on money laundering charges.
Summary Review: This incident underscores the importance of personal cybersecurity measures when dealing with digital assets. While Binance maintains its security protocols, users must remain vigilant against potential threats that compromise their devices.
Disclaimer: Remember that nothing in this article and everything under the responsibility of Web30 News should be interpreted as financial advice. The information provided is for entertainment and educational purposes only. Investing in cryptocurrency involves inherent risks and potential investors should be aware that capital is at risk and returns are never guaranteed. It is imperative that you conduct thorough research and consult with a qualified financial advisor before making any investment decision.