- The Coinbase hack serves as a stark reminder of ongoing security vulnerabilities in crypto exchanges and the sophisticated tactics criminals deploy to evade capture.
- Meanwhile, the crypto community watches closely as this high-stakes cat-and-mouse game unfolds on the blockchain’s public ledger.
In one of the most brazen crypto heists in recent memory, a hacker responsible for a massive Coinbase data breach has begun laundering $45 million worth of stolen Ethereum (ETH) — all while openly taunting the community’s top sleuth, ZachXBT.
According to blockchain analytics firm Spot On Chain, the hacker moved 17,778 ETH (roughly $45.48 million at an average price of $2,558 per ETH) through three newly created wallets in just four hours. These funds were swiftly converted to DAI stablecoins, indicating an urgent effort to obfuscate the trail.
Also read: Binance Coin (BNB) Price Prediction May 2025: Will BNB Reach $700 or Drop Below $600?
THORChain: The Laundering Tool of Choice
The attacker employed THORChain, a decentralized liquidity protocol that facilitates cross-chain swaps, to wash the illicit funds. This method is increasingly favored by hackers due to its ability to break transaction links across different blockchain networks, making it harder for investigators to track stolen assets.
In a puzzling twist, the hacker then partially rebought ETH, spending 536,000 DAI to purchase 207.17 ETH at a higher average price of $2,587. This move could be a calculated tactic to confuse tracking efforts or a strategic market play.
Mocking ZachXBT: A Bold Provocation
Adding insult to injury, the hacker sent an Ethereum transaction embedded with a mocking message directed at ZachXBT, a highly respected on-chain investigator known for exposing crypto fraud. The message bluntly read, “L bozo,” slang for “loser,” implying that ZachXBT had failed. Accompanying the text was a link to a YouTube clip of NBA legend James Worthy smoking a cigar — a symbol of celebration and derision.
ZachXBT publicly shared the taunt on his Investigations Telegram channel, confirming the same wallet behind the message moved over 8,600 ETH (valued at $22.6 million) shortly afterward.
The Bigger Picture: Coinbase Breach Timeline
This cybercrime saga began with a data breach impacting approximately 69,400 Coinbase users, first detected on May 11. The vulnerability exploited was reportedly present since December, allowing the hacker prolonged access to sensitive user information and wallets.
Coinbase has since offered a $20 million bounty for information leading to the hacker’s arrest. However, with the thief’s bold laundering methods and public taunts, catching them remains a formidable challenge.
