Original | Odaily Star Daily
Author | Nan Zhi
Yesterday, X user @CryptoNakamao posted a statement saying that their browser cookies had been hijacked by the malicious Chrome plugin Aggr, which allowed hackers to manipulate their Binance account and cause losses of up to $1 million through wash trading.
In response, Binance issued a statement saying that the incident was caused by the user’s own computer being compromised, and that its security team took 1 minute and 19 seconds to handle the user’s freeze request. Investigating the wash trading, confirming the suspect accounts across platforms, and submitting freeze requests to those platforms all take time. As of the current investigation results, Binance had not seen any information about the AGGR plugin before this incident. Therefore, no compensation can be provided for incidents of this kind.
This incident once again sounds the security alarm for ordinary users. As hackers become more professional, losses from security incidents are often impossible to recover. So although how to improve security measures is a well-worn topic, it deserves top priority. Odaily summarizes common attacks and defensive measures in this article.
One-click account freeze
First, in light of this incident: if you discover that you have been hacked but your funds have not yet been fully transferred out, how can you quickly protect what remains? Besides moving funds to other accounts, you can also protect the account by disabling it with one click. Once disabled, you need to contact customer service to unfreeze it.
Disabling the account has to be done through the Binance App. First open the settings page; at the bottom of the page there is an “Account Security” section; then enter the “Manage Account” section at the bottom of that, tap disable account and confirm. Binance’s current official guide is the 2018 version, and the actual steps differ considerably from what the reporter found in practice, so users are advised to confirm and familiarize themselves with the exact location in advance.
Chrome plugins
Chrome plugins are essential for crypto users, so simply not using them is not realistic. How, then, can Chrome be used safely? Users can do the following:
Check browser plugin permissions and disable unused plugins.
Use multiple browsers and assign different browsers for different security level requirements.
It is recommended that all Chrome plugins be installed only through links published by the project’s official X account, not via Google search, and certainly not via X search. Searching through those channels easily leads to phishing links that have paid to be placed at the top, resulting in losses. The official team is responsible for keeping the links on its X account correct and may even compensate users if an attack occurs.
Viewing installed plugin permissions
SlowMist has already explained how Chrome extensions work and where their security issues lie in an earlier article. 23PDS, Chief Security Officer of SlowMist, pointed out that the most important piece is the manifest.json file, which determines the plugin’s permission scope.
How do you view the permission scope? Go to the chrome://extensions page, which lists every plugin installed in the browser; click on the details of a plugin to see its permission scope. Be cautious with any plugin that holds the permission “Read and change all your data on all websites.”
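Because manifest.json is what grants the scope, the same check can be done offline against the extension files themselves. The script below is an added example, not code from the article or from SlowMist: it reads a manifest (MV2 or MV3 layout), collects the host patterns that Chrome shows as “Read and change all your data on all websites”, and flags the API permissions that matter most on a machine used for exchange sessions. The two sample manifests are constructed, and the Extensions directory path is something the user supplies.

```python
import json
from pathlib import Path

# Host patterns Chrome renders as "Read and change all your data on all websites"
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth a second look on a machine that touches exchange or wallet sessions
SENSITIVE_APIS = {"cookies", "clipboardRead", "clipboardWrite", "webRequest",
                  "webRequestBlocking", "debugger", "scripting", "tabs", "nativeMessaging"}


def host_patterns(manifest):
    """Collect every host match pattern requested, covering MV2 and MV3 layouts."""
    hosts = set(manifest.get("host_permissions", []))          # MV3 keeps hosts here
    hosts.update(p for p in manifest.get("permissions", [])    # MV2 mixes hosts into permissions
                 if "://" in p or p == "<all_urls>")
    for script in manifest.get("content_scripts", []):         # pages that get injected scripts
        hosts.update(script.get("matches", []))
    return hosts


def triage(manifest):
    """Summarise what the manifest lets the extension do and grade it LOW/MEDIUM/HIGH."""
    hosts = host_patterns(manifest)
    apis = sorted(p for p in manifest.get("permissions", []) if p in SENSITIVE_APIS)
    all_sites = bool(hosts & ALL_SITES)
    if all_sites and apis:
        risk = "HIGH"      # reads every site and, e.g., its cookies or the clipboard
    elif all_sites or apis:
        risk = "MEDIUM"
    else:
        risk = "LOW"
    return {"name": manifest.get("name", "?"), "all_sites": all_sites,
            "hosts": sorted(hosts), "sensitive_apis": apis, "risk": risk}


def scan_extensions(root):
    """Triage every manifest.json below a Chrome profile's Extensions directory (path supplied by the user)."""
    return [triage(json.loads(p.read_text(encoding="utf-8")))
            for p in Path(root).rglob("manifest.json")]


# Constructed sample manifests, not real extensions
BROAD = {"manifest_version": 3, "name": "sample-trading-helper",
         "permissions": ["cookies", "storage", "scripting"],
         "host_permissions": ["<all_urls>"]}
NARROW = {"manifest_version": 2, "name": "sample-theme", "permissions": ["storage"]}

if __name__ == "__main__":
    for m in (BROAD, NARROW):
        print(triage(m))
```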
Multiple browser instances
Users can protect themselves by using different browsers for different security level requirements. For example, on the browser used for logging into exchanges, do not install any plugins, and only install basic tools like secure wallets on browsers that involve on-chain funds.
There are two common ways to open multiple instances of Chrome:
The first method is Chrome’s official account switching. In the top right corner of Chrome there is an account control where users can add a temporary guest account or a Google account; after adding one, click “add account” to open a new browser window. Browsers opened under different accounts run independently, so a plugin in one cannot cause harm in another. Compared with the next method, it has the advantage that plugins can be synchronized through the cloud.
Another common method is to create multiple instances based on shortcuts on the computer.
Users can copy one or more Chrome shortcuts on the computer, right-click a shortcut to open its Properties, and enter
at the end of the Target field to create a new, independent Chrome browser (note that there is a space at the beginning). This method is faster than the previous one, but note that its data is stored only locally, so be sure to back up critical data such as wallet keys.
Clipboard permissions
Because TG bots are so widespread, many users routinely copy private keys directly. In that scenario it is advisable not to copy the complete key in one go; leave a few characters to type by hand to reduce the risk of clipboard monitoring. It is also important to turn off clipboard-reading permission for apps and web pages. Web users can open chrome://settings/content/clipboard to block websites from reading the clipboard, and re-enable it in special cases. This greatly improves security.
X platform fake account scams
In recent months there have been frequent cases of fake official accounts posting malicious phishing links on X. These accounts often carry a gold badge and use a display name identical to the official one, with the handle differing by only one or two letters, which makes them hard to tell apart at a glance.
Against such scams, it is recommended to install the Scam Sniffer plugin, which scans X accounts and flags fake official accounts that appear in the comment section.
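The two tells described above (copied display name, handle one or two characters off) are mechanical enough to check yourself. The following is an added example, not part of the article and not Scam Sniffer’s code: it compares a post’s display name and handle against a user-maintained list of official accounts, treats an exact handle match as genuine (handles are unique on X), and otherwise flags a copied display name or a handle within two edits of an official one after folding look-alike characters. The official list and the sample accounts are constructed placeholders.

```python
# Official accounts the user follows, as display name -> handle (constructed sample data)
OFFICIAL = {"Example Exchange": "example_exchange", "Example Wallet": "examplewallet"}
# Characters impersonators swap in because they look alike in a handle
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l"})


def normalize(handle):
    """Lower-case, drop the '@' and fold look-alike characters before comparing."""
    return handle.lstrip("@").lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Plain Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_account(display_name, handle, official=OFFICIAL, max_dist=2):
    """Return None for a genuine or unrelated account, otherwise a reason it looks like an impersonator."""
    raw = handle.lstrip("@").lower()
    if raw in {h.lower() for h in official.values()}:
        return None  # exact official handle: handles are unique, so this is the real account
    shown = display_name.strip().lower()
    for name, real in official.items():
        if shown == name.lower():
            return f"display name copies {name} but handle is @{raw}, not @{real}"
        if edit_distance(normalize(raw), normalize(real)) <= max_dist:
            return f"handle @{raw} is within {max_dist} edits of official @{real}"
    return None  # not impersonating anyone on the list


if __name__ == "__main__":
    # Constructed sample posts: genuine, copied display name, look-alike handle, unrelated
    for who in [("Example Exchange", "@example_exchange"), ("Example Exchange", "@example_exchange_"),
                ("Promo Bot", "@examp1e_exchange"), ("Random Person", "@random_person")]:
        print(who, "->", check_account(*who))
```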
Other basic security awareness
In addition to the manual checks and switches mentioned above, there are many basic security elements at the awareness level, including:
Do not trust any private-message links on Telegram (TG) or Discord (DC); trust only official accounts for links and announcements.
Avoid exposing mnemonic phrases and private keys to the internet at all, and in particular do not photograph mnemonic phrases with a mobile phone.
Avoid installing remote-control software such as TeamViewer and AnyDesk on computers that handle large amounts of funds.
Enable 2FA on exchange accounts holding large amounts of funds and log out after use.
Decentralization means that security issues will never disappear and losses are hard to recover, and hackers’ attack methods keep evolving. Only by protecting ourselves can we survive, and the fundamental way to do that is to prioritize basic security measures.