Thief Behind Massive Coinbase Exploit Swaps Stolen Crypto and Trolls On-Chain Sleuth ZachXBT

The thief behind the massive Coinbase exploit earlier this month has begun swapping their stolen crypto.

On Wednesday, pseudonymous on-chain investigator ZachXBT noted  on Telegram that the exploiter had swapped $42.5+ million worth of Bitcoin ( BTC ) into Ethereum ( ETH ) via the decentralized liquidity protocol THORChain ( RUNE ).

ZachXBT also notes that the thief trolled him with an on-chain message that said “L bozo” and linked to a YouTube video of former NBA star James Worthy smoking a cigar.

The exploiter later swapped 8,697 ETH for 22 million of the stablecoin Dai ( DAI ), according to the blockchain security firm PeckShield .

PeckShield also notes that a different address that is “highly relevant to the threat actor” received 9,081 ETH from THORChain, then swapped that ETH for 23 million DAI.

That relevant address later received another 8,569 ETH (worth approximately $22.4 million) from THORChain.

Coinbase says criminals bribed a small group of overseas customer support agents to copy the data of less than 1% of the firm’s monthly transacting users. A recent filing with the Maine Attorney General’s Office indicates the breach impacted 69,461 people.

The exchange notes that hacked information includes names, addresses, phone numbers, email addresses, masked social security numbers (the last 4 digits only), masked bank-account numbers, some bank account identifiers, government-ID images, account data and limited corporate data.

Coinbase learned about the hack after receiving an email earlier this month demanding a $20 million BTC payoff in exchange for not releasing the illegally obtained info. The company refused to give in to the hackers’ demand and estimates it will pay $180 million to $400 million in remediation costs and voluntary customer reimbursements.

Generated Image: Midjourney