The perpetrator behind a significant data breach targeting Coinbase users has escalated their activities, openly mocking blockchain investigator ZachXBT while continuing to launder millions in stolen cryptocurrency.
Hacker Leaves Public Blockchain Insult for ZachXBT
The taunt came in the form of an on-chain message, sent via an Ethereum transaction’s input data field, reading “L bozo” — a slang term combining “loser” and a derogatory expression for a fool. The message, posted on May 22, also linked to a meme video of NBA legend James Worthy smoking a cigar.
The provocative move was first flagged by ZachXBT through a post on his Investigations Telegram channel. He identified the sender as the same individual or group responsible for siphoning sensitive data from Coinbase’s customer base in a breach dating back to December 2023.
$42.5M Token Swap Tracked On-Chain
Soon after issuing the taunt, the threat actor initiated a large-scale cryptocurrency swap, converting roughly $42.5 million worth of Bitcoin into Ethereum through Thorchain, a decentralized swapping protocol designed for cross-chain asset transfers. Blockchain records from Etherscan link the transaction to a wallet tagged “Fake_Phishing1158790.”
On-chain analysis revealed that within an hour of the public message, the hacker moved an additional 8,698 ETH, valued at approximately $22.6 million, and later liquidated the tokens for $22.12 million in DAI, a US dollar-pegged stablecoin. These movements were closely monitored by on-chain analysts, who continued to trace the flows in real time.
Coinbase Breach Fallout and Regulatory Scrutiny
The developments come just days after Coinbase formally acknowledged the breach, which affected at least 69,400 users. While login credentials and passwords remained secure, the attackers accessed sensitive customer data, including government-issued identification documents and email addresses.
Following the incident, the hacker demanded a $20 million ransom, threatening to exploit the stolen data for phishing attacks and social-engineering scams if the ransom was not paid. Coinbase declined the demand and instead posted a $20 million bounty for information leading to the attacker’s capture.
Measures Taken Following Breach
In response to the breach, Coinbase has moved to reinforce its internal security infrastructure. Measures include enhanced agent background checks, real-time transaction surveillance, and the launch of a new customer support hub in the U.S. The company estimates that direct and indirect expenses stemming from the incident could reach $400 million.
Furthermore, the U.S. Department of Justice has reportedly opened an investigation into the Coinbase breach. Federal authorities are examining the circumstances around the security lapse and whether any regulatory failings contributed to the incident.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2025/05/coinbase-hacker-turns-troll-drops-taunts-while-laundering-funds