Binance’s co-founder Yi He has publicly refuted claims that a security breach on their platform led to a user losing $1 million in cryptocurrencies. The loss, Yi explained, was due to the user’s personal computer being compromised, not due to any vulnerability within Binance’s systems.
This statement was in response to allegations by a cryptocurrency trader known as Nakamao, who reported substantial losses due to unauthorized transactions made on his account.
Yi He detailed that the hacker gained access to the user’s account by exploiting the compromised computer, subsequently selling the user’s bitcoin and executing unfavourable trades.
“Our platform’s security measures were fully operational and the breach did not originate from our systems,” Yi asserted in a statement. He urged the public to recognize that the fault lay with the security of the user’s personal computer.
Dispute Over the Nature of the Security Breach
Nakamao, however, presented a contrasting account of how his account was manipulated. He claimed the hacker controlled his Binance account by hijacking his web cookies. “The security experts informed me that the hacker maintained access by manipulating my web cookies,” Nakamao explained.
He described how the intruder executed transactions in highly liquid USDT trading pairs while placing disadvantageous sell orders in less liquid markets like BTC and USDC.
Following the incident, Binance’s response was swift. Their customer support team managed to freeze the affected account within just one minute and 19 seconds of receiving the freeze request.
Despite their quick action, significant damage had already occurred due to other transactions executed by the hacker.
“Our team responded promptly to the security breach by freezing the affected account, though unfortunately not before some trades were completed,” the Binance team commented.
Despite Binance’s explanation and rapid intervention, Nakamao criticized the platform’s delay in notifying users about the potential threat posed by a malicious plugin known to the company. “It was later revealed that Binance had prior knowledge of this harmful plugin but delayed informing its users,” he stated.
Yi He stressed the importance of maintaining secure login practices, particularly when dealing with active cookie plugins. She reiterated that Binance cannot compensate for losses incurred due to compromised user devices. “Users must avoid any trivial convenience that compromises their security. Binance cannot offer compensation for losses incurred under such circumstances,” she concluded.