Recently, a series of exchange account theft incidents has once again raised security concerns. One Twitter user had his Binance account drained of $1 million due to a malicious Chrome extension. In another case, scammers used illegally obtained personal information and AI videos to tamper with a user's account on a trading platform, resulting in over $2 million in asset losses.
These events have exposed the potential risks of Chrome extensions and the security vulnerabilities of exchanges.
Malicious Extensions and Cookie Theft
Chrome extensions are practical tools for enhancing the functionality of the Google Chrome browser. They cover a wide range of features, from instant webpage translation, password management, AI writing assistants, and ad blockers to extension wallets.
However, it's worth noting that these extensions may request access to sensitive permissions, such as reading and writing website data, viewing and modifying browser cookies, accessing clipboard content, and geographic location information. This means that while extensions bring convenience, if these permissions are maliciously exploited, users' important data and privacy are at risk of exposure.
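One way to review the permissions an installed extension declares is to read its `manifest.json`. The following is an added example, not code from the original report or from imToken. The permission names are real Chrome permissions; the risk wording, the function names, and the sample manifest are assumptions made for illustration.

```python
import json
from pathlib import Path

# Real Chrome permission names, mapped to the risk categories named in the text.
SENSITIVE_API = {
    "cookies": "view and modify browser cookies",
    "clipboardRead": "read clipboard content",
    "geolocation": "access geographic location",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    declared = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        # MV2 mixes host patterns into "permissions"; skip non-string entries.
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    injected = [m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])]
    findings = [f"{p}: {SENSITIVE_API[p]}" for p in declared if p in SENSITIVE_API]
    if BROAD_HOSTS & set(declared):
        findings.append("host access: read and change data on all websites")
    if BROAD_HOSTS & set(injected):
        findings.append("content script: runs on all websites")
    # chrome.cookies only returns cookies for hosts the extension may access,
    # so this pair is what exposes the session cookies of any site.
    if "cookies" in declared and BROAD_HOSTS & set(declared):
        findings.append("HIGH: cookies + all-site host access")
    return findings

def audit_extensions(root: Path) -> dict[str, list[str]]:
    """Audit <root>/<extension id>/<version>/manifest.json for each extension."""
    report = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        findings = audit_manifest(manifest)
        if findings:
            report[path.parts[-3]] = findings
    return report

# Constructed sample manifest (not taken from any real extension).
SAMPLE = {"manifest_version": 3, "name": "Market Viewer (constructed)",
          "permissions": ["storage", "cookies", "clipboardRead"],
          "host_permissions": ["<all_urls>"]}
```

Point `audit_extensions` at the browser profile's `Extensions` directory (its location depends on the operating system and profile) to get findings keyed by extension ID.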
In the case of the user whose Binance assets were stolen, it began when the user noticed that a KOL recommended a Chrome extension called Aggr, which could be used to view market data and had many positive reviews in the Chrome Web Store. The user installed it. However, this extension maliciously requested numerous permissions and stole the user's browser cookies. Using this, scammers impersonated the user's identity, illegally logged in, and took control of his Binance account.
Subsequently, scammers set up sell orders for tokens on their own Binance accounts at prices far higher than the market price. For example, while the current market price of BTC was $70,000 USDT, the scammers' sell orders might be set at $80,000 USDT. Since the prices were far beyond the normal trading range, regular investors would not typically accept them.
However, at this time, the user's Binance account was under the control of the scammers, and it was forced to accept these high-priced orders. In other words, the scammers set high prices for selling, and then used the funds in the stolen account to buy at high prices.
This behavior is known as wash trading, which is essentially a form of self-trading aimed at swiftly transferring funds from a user's account to the scammer's account. Since the entire process resembles normal market transactions, it may be difficult to detect initially, until the victim discovers his funds mysteriously decreasing.
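The pattern described above leaves two signals a risk-control system can check: buys filled far above the market price, and the overpayment flowing to a single counterparty. The following is an added example, not code from the original report or from any exchange; the field names, thresholds, and fills are constructed for illustration.

```python
from collections import defaultdict

def flag_off_market_buys(fills, max_premium=0.05, min_share=0.8):
    """Flag buyers who overpay and whose overpayment goes mostly to one seller.

    fills: dicts with buyer, seller, price, qty and ref_price (the market
    price at fill time). Thresholds are assumptions, not exchange policy.
    Returns {buyer: (seller, overpaid_amount)}.
    """
    overpaid = defaultdict(lambda: defaultdict(float))
    for f in fills:
        premium = f["price"] / f["ref_price"] - 1.0
        if premium > max_premium:
            # Value transferred to the seller beyond a fair-price trade.
            excess = (f["price"] - f["ref_price"]) * f["qty"]
            overpaid[f["buyer"]][f["seller"]] += excess
    alerts = {}
    for buyer, by_seller in overpaid.items():
        total = sum(by_seller.values())
        seller, amount = max(by_seller.items(), key=lambda kv: kv[1])
        # Overpaying many unrelated sellers looks like a thin market;
        # overpaying one seller looks like a directed transfer.
        if amount / total >= min_share:
            alerts[buyer] = (seller, round(amount, 2))
    return alerts

# Constructed fills; prices follow the 70,000 vs 80,000 example in the text.
FILLS = [
    {"buyer": "acct_V", "seller": "acct_S", "price": 80000.0, "qty": 2.0, "ref_price": 70000.0},
    {"buyer": "acct_V", "seller": "acct_S", "price": 80000.0, "qty": 1.5, "ref_price": 70000.0},
    {"buyer": "acct_A", "seller": "acct_B", "price": 70100.0, "qty": 0.1, "ref_price": 70000.0},
    {"buyer": "acct_C", "seller": "acct_D", "price": 74000.0, "qty": 0.5, "ref_price": 70000.0},
    {"buyer": "acct_C", "seller": "acct_E", "price": 74000.0, "qty": 0.5, "ref_price": 70000.0},
]

if __name__ == "__main__":
    for buyer, (seller, amount) in flag_off_market_buys(FILLS).items():
        print(f"{buyer} overpaid {seller} by {amount}")
```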
At the time of writing this article, we have noticed that Binance has publicly acknowledged the weaknesses in its current security mechanism and said it would continuously improve its risk control system.
Scammers Use AI to Impersonate People
A crypto user fell victim to a scam in which scammers accessed his email account, clicked on the forgot password option, and used an AI video to apply for changes to the phone number, email address, and Google Authenticator. This led to tampering with the user's trading platform account and significant asset losses.
It is indicative of the trend of technology misuse and the inadequacies of account security mechanisms. Reflecting on cases discussed in the 22nd issue of the Security Monthly Report, scammers similarly used AI voice synthesis technology for fraud, showing the risks of malicious use of technological tools.
With the rapid development of big data and AI technology, the protection of personal privacy is facing severe challenges. Once personal information is leaked, it may provide fraudsters with opportunities to conduct AI scams.
PSA:
- Strengthen Personal Information Protection: Be cautious in managing personal sensitive information, reduce exposure on social networks to avoid becoming targets of scams.
- Install and Authorize Prudently: Do not trust recommendations from others easily; only download extensions from official channels and strictly limit their permissions. It is recommended to use a separate browser for handling extensions and transactions, log out promptly after use, and ensure the safety of the browser environment.
- Diversify Fund Storage: For large funds and important tokens, prioritize storing them in decentralized wallets such as imToken or imKey hardware wallets, bearing in mind the principle of "Not your key, not your coin!". With self-held mnemonic phrases and private keys, users of decentralized wallets have absolute control over their tokens, effectively avoiding risks such as potential data leaks, abuse of permissions, and server failures that often take place in centralized systems. Hardware wallets like imKey further ensure the security of your tokens by generating and storing keys offline, fundamentally reducing the threat of the aforementioned security incidents.
imToken Is Always Protecting Your Token Security
Risk Control
In May, imToken marked a total of 820 risky tokens; banned 1,095 risky DApp websites; and marked 3,128 risky addresses.
Additionally, if you come across tokens or DApps that appear to be risky, please promptly provide feedback to us at support@token.im to help prevent token losses for other users.
Closing Thoughts
With scams continually evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions, providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.
Please note that imToken wallet is currently only available as a mobile app and has not released any Chrome extension. Recently, there have been fake extension wallets, leading to losses in some users’ assets.
Please make sure to download imToken from the official website at https://token.im.