The hacker behind the massive Coinbase data breach is not only laundering tens of millions in stolen crypto assets but is now publicly mocking blockchain investigators with on-chain taunts.
Millions Laundered in Stablecoins
According to blockchain security firm PeckShield, the attacker recently transferred 8,697 ETH, converting it into approximately $22 million in DAI, a dollar-pegged stablecoin. A second wallet—believed to be linked to the same operation—received 9,081 ETH via THORChain, which was also swapped for $23 million in DAI, bringing the total laundered to over $45 million.
These coordinated swaps indicate an effort to obscure the origin of the stolen funds by converting them into stable assets, a common tactic in crypto money laundering.
Hacker Trolls Crypto Sleuth with Meme
In a bold twist, the hacker embedded a taunting message in an Ethereum transaction directed at ZachXBT, a prominent blockchain investigator known for tracking illicit crypto movements. The message included the phrase “L bozo” and a video link showing NBA legend James Worthy smoking a cigar—clearly intended to ridicule ongoing efforts to trace the funds.
ZachXBT later confirmed on Telegram that blockchain data ties the taunting message to the same entity responsible for breaching Coinbase.
Breach Details and Ransom Attempt
The breach affected at least 69,400 Coinbase users, with data reportedly stolen through a campaign that began in December 2024 but wasn’t uncovered until May 2025. Disclosures filed with the Maine Attorney General’s Office reveal that the hacker bribed Coinbase support staff to gain unauthorized internal access to user data.
The compromised information includes users’ full names, contact details, account balances, and transaction histories. Coinbase has confirmed it refused a $20 million ransom demand from the attacker, who allegedly promised to delete the data in exchange.
Legal Trouble Over Biometric Data
Adding to Coinbase’s woes, the company is facing a class-action lawsuit in Illinois over allegations of unauthorized biometric data collection. Filed on May 13, the lawsuit claims that Coinbase violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and sharing facial geometry data during ID verification—without consent.
Third-party vendors named in the suit include Jumio, Onfido, Au10tix, and Solaris. Plaintiffs also allege that Coinbase failed to pay arbitration fees for over 10,000 individual claims, causing those cases to be dismissed.
The lawsuit seeks up to $5,000 per intentional violation, $1,000 per negligent violation, and a court order to stop the alleged practices.