Yi He, co-founder of crypto exchange Binance, has dismissed claims that a platform security breach led to the loss of $1 million in crypto from a single user account. The Binance co-founder wrote on June 3:

"Look closely; this user's account was breached because their own computer was hacked; they are a lost cause. After the hack, the hacker could not withdraw funds, so the hacker sold the victim's coins, which led to trading losses."

The same day, crypto trader Nakamao alleged that they had lost their entire account balance through “counter-trading” without obtaining his Binance account password or 2FA instructions. “Afterwards, the security company told me that the hacker was manipulating my account by holding my web cookies hostage,” said Nakamao, who explained that after the account was breached, the hacker “bought the corresponding tokens in the USDT trading pair with abundant liquidity, and placed limit sell orders that exceeded the market price in the BTC, USDC and other trading pairs with scarce liquidity.” 

Afterward, the hacker placed a large number of leveraged bets against a counterparty, which led to nearly $1 million in losses after the trades went the wrong way. "During the whole process, I did not receive any security reminders from Binance," Nakamao claims.

In response, Binance’s customer service claims that a “hacker stole your account login status through a plug-in and pretended to be you to perform operations and transactions” during the incident. According to the exchange, it handled Nakamo’s request to freeze his account within “1 minute and 19 seconds" of receipt. However, by then, the hacker already finalized several leveraged trades in the compromised account: 

"We sympathize with your experience, but according to the information we have learned so far, the reason for your asset loss is that your related devices were manipulated because of the installation of malicious plug-ins. Unfortunately, we have no way to compensate for such cases that have nothing to do with Binance."

Nakamao did not seem to agree with the assessment, alleging thereafter:

"It turns out that Binance knew about the existence of this plugin a long time ago, and even encouraged the KOL to get more information from the hacker. My account was stolen when the plugin was further promoted. Binance tracked down the hacker's address at least 3 or 4 weeks ago, and also obtained the name and link of the plugin from the KOL."

Binance’s Yi He proceeded to warn users of the dangers of logging into accounts with active cookie plugins to save the minor inconvenience of having to type their passwords every login: “Binance is not able to compensate users when their own login devices are compromised,” she stated.

Yi He, a former Chinese TV host, is currently one of two women at the helms of the world’s largest crypto exchanges, the other being Bitget’s CEO, Gracy Chen. In April, He stated that her spouse, Binance’s co-founder and former CEO Changpeng Zhao, received the “most optimal outcome” in his U.S. sentencing on money laundering charges. 

Source