- Coinbase hackers mocked investigator ZachXBT on Ethereum, laundering $45M via THORChain and DAI conversions, per blockchain data.
- Attackers converted 17,778 ETH ($45M) into DAI via THORChain, blockchain analysts reported, complicating fund tracking.
The perpetrators behind a Coinbase data breach that exposed sensitive information of nearly 70,000 users have publicly mocked blockchain investigator ZachXBT while laundering $45 million in stolen crypto assets. The incident, initially detected in December 2023, involved hackers bribing customer service staff to access names, addresses, and account balances.
On-chain activity reveals the hackers sent a transaction via Ethereum containing the message “L bozo” alongside a link to a meme video featuring NBA icon James Worthy. The taunt appears directed at ZachXBT, who previously flagged $300 million in user losses tied to social engineering scams impersonating Coinbase support. The message coincided with the transfer of $42.5 million in Bitcoin through THORChain, a decentralized cross-chain protocol.
10/ So where does the blame lie?
a) For the vast majority of the time these theft addresses are not being reported at all by Coinbase in popular compliance tools even after the thefts went on for weeks.
b) Multiple victims who have contacted me get stuck with useless customer… pic.twitter.com/ssYL2wN5iO
— ZachXBT (@zachxbt) February 3, 2025
Blockchain analytics firm PeckShield traced additional laundering efforts, noting the conversion of 8,697 ETH ($22 million) and 9,081 ETH into the stablecoin DAI. These moves, executed swiftly across multiple addresses, aimed to obscure the funds’ origins. THORChain’s design, which enables asset swaps without centralized oversight, complicates tracking efforts.
#PeckShieldAlert The threat actor who stole $300M+ from #Coinbase users by bribing customer support and sending #ZachXBT on-chain msg has swapped 8,697 $ETH for 22M DAI.
Another highly relevant address, which received 9,081 $ETH from #THORChain, has swapped them for 23M DAI. pic.twitter.com/nUWZbCfz0R— PeckShieldAlert (@PeckShieldAlert) May 22, 2025
Coinbase confirmed it refused a $20 million Bitcoin extortion demand, instead offering a bounty for the hackers’ capture. The exchange estimates remediation costs between $180 million and $400 million, covering reimbursements and security upgrades. While passwords remained secure, stolen data enabled targeted phishing campaigns, heightening risks of account takeovers.
Michael Arrington, TechCrunch founder, warned the breach could endanger users physically, citing rising crypto-related violence. The hackers’ brazen tactics—public jeers paired with sophisticated fund movements—highlight escalating challenges in combating cybercrime within decentralized ecosystems.
