
AI face-swapping, plugin traps: Two security incidents cause over ten million in user losses
TechFlow Selected TechFlow Selected

AI face-swapping, plugin traps: Two security incidents cause over ten million in user losses
Security is far more important than efficiency or profitability, which may be one of the reasons why the so-called decentralized crypto world struggles to move away from centralization.
By Tuoluo Finance
Security incidents are already common in traditional finance, but in the anonymous and treacherous world of cryptocurrency—akin to a dark forest—they are even more routine.
Data shows that just in May, the crypto industry witnessed 37 typical security incidents. The total losses from hacking attacks, phishing scams, and rug pulls reached $154 million, an increase of about 52.5% compared to April.
On June 3, two new security incidents occurred. Slightly different from previous cases, both were linked to major exchanges, with particularly bizarre processes—though, as always, one person's loss was another’s gain.
On June 3, a lengthy post by a user named Nakamao went viral on X (formerly Twitter). In it, he claimed, “I became a victim of the crypto world—$1 million vanished from my Binance account.” His narrative unveiled a chain of hacker thefts, one step after another.
According to his account, on May 24, while Nakamao was at work and all communication devices remained within reach, hackers managed to steal all funds from his account—even without obtaining his Binance password or two-factor authentication (2FA) codes. They executed wash trades to carry out the theft.

Wash trading, in simple terms, involves large transactions in illiquid trading pairs. One party buys aggressively to absorb the hacker’s sell-off, allowing the hacker to cash out via stablecoins or alternative tokens, while the buyer ends up holding the dumped altcoins. This form of theft is not uncommon on exchanges. In 2022, FTX suffered a $6 million wash-trade theft due to a leaked 3commas API key—an incident SBF resolved using personal funds. Binance has also experienced similar large-scale wash trades before. The malicious nature of this method lies in how ordinary it appears: for exchanges with weak risk controls, these are just regular trades with no obvious signs of theft.
In this case, trading pairs QTUM/BTC, DASH/BTC, PYR/BTC, ENA/USDC, and NEO/USDC were targeted, with prices artificially inflated over 20% through large buy orders. All operations went unnoticed by the user until over an hour later when checking his account revealed the anomaly.
According to responses from security firms, hackers hijacked the user’s web cookies—essentially exploiting stored session data on the browser. A typical example: when accessing certain websites online, you don’t need to log in again because prior browsing history and default records remain.
At this point, the incident might seem solely due to user negligence. But things took a stranger turn afterward. Immediately after the theft, Nakamao contacted customer support and Binance co-founder He Yi, providing his UID and requesting prompt freezing of the hacker’s funds. However, Binance staff took a full day to notify KuCoin and Gate. Unsurprisingly, the hacker’s funds had already disappeared. What’s more shocking: the hacker used only a single account—without splitting funds across multiple addresses—and successfully withdrew everything from Binance. Throughout the process, the user received no security alerts. Ironically, the next day, Binance even sent him an email invitation to join their spot market-making program—triggered by the large-volume purchases made during the attack.
During post-incident review, an otherwise unremarkable Chrome extension called Aggr came under scrutiny. Used for viewing market data, the victim said he downloaded it based on months-long promotions by several overseas KOLs.
To briefly explain, browser extensions can perform various actions. In theory, a malicious extension could log into trading accounts, access user information, execute trades, withdraw funds, and modify account settings—all because such plugins often have broad permissions including network request manipulation, browser storage access, and clipboard control.
Upon discovering the issue, Nakamao immediately reached out to the KOLs, warning them to advise users to disable the plugin. Unexpectedly, the backlash boomeranged back at Binance. According to Nakamao’s initial claim, Binance had already known about problems with this plugin; similar incidents had occurred as early as March. Binance reportedly tracked the hacker but chose not to alert users or suspend the product—possibly to avoid tipping off the attacker—and even allowed KOLs to maintain contact with the hacker. During this period, Nakamao became the next victim.
The fact that hackers could log in and trade using only cookies suggests flaws in Binance’s mechanisms. Yet since the incident originated from user oversight, assigning liability becomes complicated.
Predictably, Binance’s response sparked controversy. While the official account acknowledged the root cause as a hacking attack and claimed unawareness of the AGGR plugin, He Yi commented in a WeChat group: “This happened because the user’s computer was compromised. Even gods can’t save such cases. Binance cannot compensate for infections on users’ own devices.”

Unsurprisingly, Nakamao rejected Binance’s stance, accusing the exchange of inadequate risk management and suspecting Binance knew about the plugin given that KOLs had explicitly reported it. As public criticism intensified, Binance responded again, announcing plans to offer a reward for reporting malicious plugins.
Just as people thought the matter was closing, an unexpected twist emerged on June 5. Nakamao posted again on X, publicly apologizing to Binance. He admitted miscommunication and subjective assumptions: Binance was actually unaware of the plugin earlier than previously stated. Binance first learned of aggr.trade on May 12—not in March as initially claimed. Additionally, the KOLs were not acting as informants for Binance; their communications concerned account issues, not the plugin itself.
Regardless of the truth behind these statements, the complete reversal—from public disappointment to apology—strongly suggests Binance provided some form of compensation, though the exact amount remains unknown.

On another front, coincidentally on June 3, OKX was also involved in a separate incident. A user claimed on community platforms that their account was stolen via AI face-swap technology, resulting in $2 million being transferred out. The incident occurred in early May. The user asserted that no personal information was leaked. Instead, hackers accessed his email by clicking “forgot password,” then created a fake ID and used an AI-generated face-swap video to bypass verification. They subsequently changed the phone number, email, and Google Authenticator within 24 hours, fully draining the account.
Although the video hasn’t been seen, based on the user’s description, the AI-generated footage was likely crude. Nevertheless, it still breached OKX’s risk control system. The user believes OKX shares responsibility and demands full reimbursement. However, upon closer analysis, the perpetrator must have been someone familiar with the user—aware of habits and account balances—pointing strongly toward insider involvement. The user himself mentioned having a close friend who was constantly around. Under normal circumstances, OKX would not provide compensation. The affected user has now filed a police report and intends to pursue recovery through legal channels.
These two incidents have triggered widespread discussion in the crypto community. From a security standpoint, while many emphasize self-custody wallets for absolute asset control, it must be acknowledged that exchanges are generally safer than individual management—primarily because they introduce a third-party intermediary. Exchanges are contactable entities that, regardless of outcomes, will at least intervene in investigations. With proper communication, victims may even receive compensation, as seen above. In contrast, if a self-hosted wallet is compromised, there is virtually no recourse.
However, improving exchange security is now urgent. Major platforms hold most users’ assets, and given the irreversibility of crypto transactions, enhanced protection is critical. In traditional finance, logging out typically requires re-entering passwords to prevent unauthorized access, and transfers usually involve additional verification layers. Therefore, the community recommends that exchanges implement features like password locks, mandatory 2FA before trades, re-authentication upon IP changes, or adopt multi-party computation (MPC) verification to decentralize credentials—sacrificing usability for greater security. Still, some users argue that repeated verifications would be too cumbersome for high-frequency traders, limiting practicality.
He Yi responded by stating: “We’ve layered big-data alerts and manual confirmation for sudden price fluctuations and increased user notifications. We’re about to raise verification frequency for plugin usage and cookie authorization. Transaction passwords aren’t suitable here, but Binance will tailor additional security steps based on user profiles.”

Ultimately, these two cases underscore the need for heightened vigilance among users. Strengthening personal security awareness is essential. Users should diversify asset storage, operate preferably on dedicated devices, use decentralized authentication methods prioritizing security over convenience, avoid setting免密 transactions or biometric logins, carefully evaluate browser extensions, and store large holdings in hardware wallets.
After all, digital assets differ fundamentally from physical ones. Physical assets can at least be traced; stolen crypto, however, rarely leads to compensation due to regulatory constraints—and filing a case is often extremely difficult.
Such cases are not rare. Recently, in a report by 1818 Golden Eyes, a classic example surfaced. Mr. Zhu found a Zhihu influencer known as “Cheng Qiqi,” who claimed to have earned millions from crypto trading and wanted others to follow suit. After negotiation, they signed a profit-sharing agreement: 70% of profits go to Cheng, 30% retained by Zhu; losses split equally. Zhu only copied trades manually, keeping ownership of all accounts.
Despite the seemingly trustworthy contract and generous profit share, the outcome was disappointing. After initial small gains, Zhu increased his investment. Encouraged by Cheng’s promise of “full compensation in case of liquidation,” he borrowed 600,000 yuan, leveraged 100x, and shorted ETH. When ETH rose instead, Zhu lost everything.
Such cases are nearly impossible to prosecute since all actions were performed voluntarily by the user, with no evidence of fraud or coercion. In the end, both police and journalists could only reiterate: under Chinese law, cryptocurrency trading is unprotected and highly risky—users must stay vigilant.

Eventually, Mr. Zhu closed the chapter with a heartbroken yet helpless expression—a tragicomic ending indeed.
In any case, we once again remind all participants: in any financial domain—even in crypto, where high returns and freedom come at the cost of reduced security—safety matters far more than efficiency or profitability. Perhaps this is also why the so-called decentralized world struggles to escape reliance on centralization.
After all, human nature remains unchanged. Everyone hopes someone will bear the risk—but no one wants to lose their hard-earned money for someone else’s gain.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News












