Coinbase Hacker Swaps $42.5M Bitcoin to Ethereum Via THORChain

Coin WorldFriday, May 23, 2025 2:56 pm ET

1min read

BTC--

COIN--

ETH--

The thief behind the massive

Coinbase

exploit earlier this month has been actively swapping the stolen cryptocurrency. The pseudonymous on-chain investigator ZachXBT noted on Telegram that the exploiter had swapped $42.5+ million worth of Bitcoin (BTC) into Ethereum (ETH) via the decentralized liquidity protocol THORChain (RUNE).

In a taunting move, the thief sent an on-chain message to ZachXBT that read “L bozo” and included a link to a YouTube video of former NBA star James Worthy smoking a cigar. This message was seen as a direct response to ZachXBT's efforts to track the thief's activities.

The exploiter continued to swap 8,697 ETH for 22 million of the stablecoin Dai (DAI), as reported by the blockchain security firm PeckShield. PeckShield also identified another address closely linked to the threat actor, which received 9,081 ETH from THORChain and subsequently swapped it for 23 million DAI. This address later received an additional 8,569 ETH (valued at approximately $22.4 million) from THORChain.

The breach at Coinbase involved criminals bribing a small group of overseas customer support agents to copy the data of less than 1% of the firm’s monthly transacting users. A recent filing with the Maine Attorney General’s Office revealed that the breach affected 69,461 individuals. The compromised information includes names, addresses, phone numbers, email addresses, masked social security numbers (the last 4 digits only), masked bank-account numbers, some bank account identifiers, government-ID images, account data, and limited corporate data.

Coinbase discovered the hack after receiving an email demanding a $20 million BTC payoff in exchange for not releasing the stolen information. The company refused to comply with the hackers’ demand and estimates that it will incur remediation costs and voluntary customer reimbursements ranging from $180 million to $400 million.

This incident highlights the ongoing challenges faced by cryptocurrency exchanges in securing user data and preventing exploits. The actions of the thief, including the taunting message and the swapping of stolen crypto, underscore the need for enhanced security measures and vigilance within the industry. The involvement of decentralized liquidity protocols like THORChain in the swapping process adds another layer of complexity to the investigation and recovery efforts.

Comments

﻿

Add a public comment...

No comments yet

Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.