TL;DR
- A hacker who breached over 69,000 Coinbase users has begun laundering $44.9 million worth of stolen Ethereum through the decentralized THORChain protocol, effectively avoiding traditional tracking mechanisms.
- The attacker publicly mocked on-chain investigator ZachXBT by embedding a taunting message in an Ethereum blockchain transaction, sparking widespread reactions in the crypto community.
- Coinbase now faces potential financial damage estimated between $180 million and $400 million, right as the company was celebrating its inclusion in the S&P 500 index.
A wave of controversy has swept through the crypto world after the hacker behind the recent Coinbase breach embedded a provocative message in the Ethereum blockchain, directly targeting well-known on-chain investigator ZachXBT. The brief message simply read “L bozo,” accompanied by a link to a humorous YouTube video featuring former NBA player James Worthy. This move not only caught the attention of the broader community but also demonstrated how attackers can use the transparency of blockchain networks to send public, symbolic messages.
However, the provocation didn’t stop there. The attacker has begun moving the stolen assets: over 17,800 ETH were converted into DAI using THORChain, a decentralized finance protocol that enables cross-chain swaps without centralized intermediaries. On-chain data confirms that the swaps were executed at an average rate of $2,528 per ETH, evidence of a well-calculated operation aimed at maintaining both anonymity and transactional efficiency.
The Cost of Security and the Resilience of the Crypto Ecosystem
The breach, which affected exactly 69,461 Coinbase users, was disclosed in May 2024, though the initial security incident occurred in December 2023. According to filings with the Maine Attorney General, Coinbase confirmed that personal user data had been compromised. Shortly after the breach was made public, the attacker demanded a $20 million Bitcoin ransom, threatening to leak the data on the dark web. Coinbase refused to negotiate and instead offered an equivalent bounty for any information leading to the hacker’s arrest.
The incident has impacted Coinbase’s stock, which dropped by 0.92%, reflecting investors’ concerns over the looming remediation costs that could reach up to $400 million.
Yet, many voices within the crypto space argue that this kind of event doesn’t undermine the core principles of decentralization or open access. On the contrary, it highlights the ongoing need for stronger cybersecurity measures, without sacrificing user sovereignty.
Meanwhile, Binance and Kraken faced similar social engineering attempts but successfully thwarted them. Using AI systems and strict access policies, these exchanges prevented unauthorized exposure of customer data. These cases show that while threats persist, the crypto industry continues to evolve, proving its capacity to defend its foundation: decentralization, resilience, and freedom from censorship.
