Crypto users discovered a harmful Google Chrome extension designed to steal funds by manipulating website cookie data.

Binance trader β€œdoomxbt” first spotted the issue in February after noticing $70,000 in losses linked to suspicious activity. The attacker initially deposited the stolen funds on the AI-powered crypto exchange SideShift.

“I have been compromised in some strange way and my Binance account was drained out. Out of nowhere, I heard sound notifications about orders getting filled while I never placed any – suddenly my $70k amount was suddenly $0 on screen.”

On Tuesday, the culprit was reportedly linked to a fake Aggr app extension on Google’s Chrome store. Unlike the legitimate Aggr app, which provides professional trading tools like on-chain liquidation trackers, the malicious version included code to collect all website cookies from users. This allowed hackers to reconstruct passwords and user keys, especially for Binance accounts.

⚠️DO NOT DOWNLOAD THE AGGR CHROME EXTENSION⚠️

Once the fake Aggr app was available on the Chrome Store, hackers launched a social media campaign to encourage downloads. The developers hired a network of influencers to promote the malicious software in a process known as β€œshilling.” Social media accounts populated timelines with trading buzzwords to convince users the tool was needed.

In this case, these influencers either forgot the popular crypto chant β€œdo your own research” (DYOR), or ignored it. It’s unknown if promoters knew the fake Aggr left users vulnerable or if social media accounts profited from the attack.

Following the incident, some promoters were contacted for comment, but at least one blocked the request. This incident is part of a larger trend, as similar attacks using Chrome extensions have occurred recently. Last month, a trader lost over $800,000 in digital assets after interacting with two malicious Chrome browser extensions. Users are advised to DYOR and double-check any application before downloading to devices.

At first glance, the extension is mostly harmless, importing a small “background.js” file and the popular javascript extension “jquery.”

Stay informed and protect your assets by exploring more news on Global Crypto News.