Coinbase Hacker’s Taunts and Lavish Cryptocurrency Laundering Spree

The perpetrator of a significant data breach targeting Coinbase users has escalated their actions, openly mocking blockchain investigator ZachXBT while continuing to launder millions of dollars in stolen cryptocurrency.

The insult came in the form of an on-chain message, sent via an Ethereum transaction’s input data field, reading “L bozo”—a slang term combining “loser” and a derogatory term for a fool. The message, posted on May 22, also linked to a meme video of NBA legend Michael Jordan smoking a cigar.

This unusual move was first highlighted by ZachXBT via a post on his Investigations Telegram channel. He identified the sender as the same individual or group responsible for siphoning sensitive data from Coinbase’s customer database in a breach dating back to December 2023.

Shortly after issuing the taunt, the threat actor initiated a large-scale cryptocurrency swap, converting approximately $42.5 million worth of Bitcoin into Ethereum via Thorchain, a decentralized swapping protocol designed for cross-chain asset transfers. Blockchain records from Etherscan link the transaction to a wallet labeled “Fake_Phishing1158790.”

On-chain analysis revealed that within an hour of the public message, the hacker moved an additional 8,698 ETH, valued at approximately $22.6 million, and later liquidated the tokens for $22.12 million in DAI, a US dollar-pegged stablecoin. These movements were closely monitored by on-chain analysts, who continued to track the flows in real time.

This comes days after Coinbase officially acknowledged the breach, which affected at least 69,400 users. While login credentials and passwords remained secure, the attackers accessed sensitive customer information, including government-issued identification documents and email addresses.

Following the incident, the hacker demanded a $20 million ransom, threatening to exploit the stolen data for phishing attacks and social engineering scams if the ransom wasn’t paid. Coinbase refused to pay the ransom and instead posted a $20 million bounty for information leading to the attacker’s apprehension.

In response to the breach, Coinbase has moved to strengthen its internal security infrastructure. Measures include enhanced employee background checks, real-time transaction surveillance, and the opening of a new customer support hub in the U.S. The company estimates that direct and indirect costs stemming from the incident could reach $400 million.

Furthermore, the U.S. Department of Justice has reportedly opened a criminal investigation into the Coinbase breach. Federal authorities are examining the circumstances surrounding the security lapse and whether any regulatory failures contributed to the incident.

Disclaimer: This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial, or other advice.