Hacker behind $300 million Coinbase heist converts $45 million via Thorchain, taunts investigator

An unknown individual linked to the theft of $300 million from users of the exchange Coinbase converted $42.5 million in Bitcoin to Ethereum using Thorchain. This was reported by blockchain detective ZachXBT.

The expert shared a screenshot from a blockchain explorer, which featured an on-chain message from the hacker: «L bozo.» In crypto slang, this phrase mocks the recipient, with «L» denoting «loss» and «bozo» as a derisive term for a fool or loser.

Additionally, the hacker attached a link to a meme video on YouTube of NBA legend James Worthy enjoying a cigar—a classic visual «final touch» embodying the notion of «I have triumphed.»

ZachXBT interpreted this message as a personal taunt, indicating that the hacker was attempting to belittle him and show disdain for anyone who obstructs him.

This interaction appeared to be a response to ZachXBT’s dissemination of information regarding the recurring issues faced by Coinbase users.

On May 7, the researcher documented another incident involving customer assets at the American bitcoin exchange. The hacker stole $45 million using social engineering tactics. According to ZachXBT’s estimates, victims of fraud on this platform have incurred losses exceeding $300 million since the beginning of the year.

On May 15, Coinbase disclosed that user data had been compromised due to bribery of overseas support staff. The hacker demanded $20 million, threatening to release the stolen information on the dark web. The platform’s team refused and took countermeasures.

After being denied the ransom, the perpetrator converted $42.5 million from Bitcoin to Ethereum via Thorchain. An hour later, from the same address marked as Fake_Phishing1158790, there was a sale of 8,698 ETH for $22.12 million in DAI.

The day before, Coinbase admitted that due to a data leak in December 2024, hackers accessed information on 69,461 users. Later, the exchange estimated the cost of addressing the incident and compensating clients would range between $180 million and $400 million.

It’s worth noting that in March, platform users reported phishing emails. The attackers, posing as Coinbase, attempted to convince users to transfer their assets to new wallets, utilizing pre-generated seed phrases.

In May, Bloomberg revealed that Binance and Kraken had successfully thwarted social engineering attacks similar to those that plagued Coinbase.