In February, Binance trader “doomxbt” discovered a problem when he observed $70,000 in losses related to dubious transactions. The attacker first transferred the stolen funds to the AI-powered crypto platform SideShift.
Reports on Tuesday linked the perpetrator to a fake Aggr app extension found in Google’s Chrome store. While the authentic Aggr app offers professional trading utilities such as on-chain liquidation trackers, the fraudulent version contained code designed to harvest website cookies, potentially allowing hackers to reconstruct passwords and user keys, particularly for Binance accounts.
Are crypto influencers negligent or is this a sophisticated scam?
After the fake Aggr app became available in the Chrome Store, the hackers launched a social media campaign to encourage downloads.
The developers enlisted a network of influencers to endorse the malicious software through a tactic called “shilling.” Social media profiles flooded timelines with trade jargon to convince users of the tool’s necessity.
In this case, these influencers either overlooked or disregarded the well-known crypto mantra “do your own research” (DYOR). It remains unclear if the promoters were aware of the risks posed by the fake Aggr app, or if the social media accounts benefited from the attack.
After the incident, reporters contacted several promoters for comment, but at least one blocked the request.
This incident is indicative of a broader trend, with similar attacks involving Chrome extensions occurring recently. Just last month, a trader lost more than $800,000 in digital assets after interacting with two malicious Chrome browser extensions. Users are strongly encouraged to “do your own research” (DYOR) and thoroughly vet any application before downloading it to their devices.
0 Comments