Alleged Coinbase hacker trolls ZachXBT on-chain after $42.5M BTC swap

ZachXBT, an on-chain investigator, shared on his Investigations Telegram channel that a hacker, who allegedly stole over $300 million in cryptocurrency from users, sent him a message.

The hacker delivered the message to his Ethereum account on-chain.

“The threat actor who stole $300M+ from Coinbase users by paying customer support just began trolling me on-chain with this message,” said ZachXBT in his Telegram message.

The message came from the address Fake\_Phishing1158790 and included the text “L bozo” and what looked like a YouTube video URL showing the famous internet clip of James Worthy smoking a cigar after the Lakers’ triumph.

A user commented on the YouTube video, “Smoking that ZachXBT pack,” showing they found the video through the on-chain message the hacker sent to the crypto investigator.

The hacker recently converted $42.5 million in BTC into ETH using the THORChain platform, tying the message to this blockchain swap.

On May 15, Coinbase announced the user data exploit. The hacker allegedly bribed customer support staff to obtain private user data.

Coinbase confirmed that the hacker accessed phone names, addresses, phone numbers, government-issued IDs, and other account-related information.

The exchange said fewer than 1% of users experienced the breach.

Coinbase dismissed the customer support staff involved and estimated it might cost up to $400 million to address the breach.

The attackers demanded a $20 million ransom from the crypto exchange.

Coinbase declined the ransom and offered a $20 million bounty in exchange for information revealing the hackers’ identities.

Plaintiffs filed at least six lawsuits on May 15 and 16, accusing Coinbase of security lapses and inadequate handling of the breach aftermath.

Investigators are increasing scrutiny of THORChain for facilitating unlawful transactions after the Coinbase hacker exchanged $42.5 million of Bitcoin for Ether through the platform.

In March, users increased swap activity on the platform after the $1.4 billion Bybit hack, which led to widespread backlash.

After facilitating $5.4 billion in swap volume, the protocol earned over $5 million in revenue, with daily transactions exceeding $1 billion at times.

Blockchain security experts suspect the Lazarus Group from North Korea as the leading culprit, using THORChain to clean a substantial portion of the stolen money.

After the community overturned the vote to block Lazarus-linked transactions, THORChain developer “Pluto” resigned, fueling further controversy.