Coinbase hacker trolls ZachXBT onchain after $42.5M THORChain swap

The hacker behind the data breach targeting Coinbase users mocked blockchain investigator ZachXBT with an onchain message following a major crypto swap.

On May 21, the hacker used Ethereum transaction input data to write “L bozo,” followed by a meme video of NBA player James Worthy smoking a cigar.

The message came after the attacker swapped about $42.5 million from Bitcoin (BTC) to Ether (ETH) via THORChain.

ZachXBT flagged the message on his Telegram channel, linking it to the same entity responsible for the Coinbase data breach affecting at least 69,400 users.

On May 22, blockchain security firm PeckShield reported that the hacker had continued to move funds, swapping 8,697 ETH for 22 million Dai (DAI). A separate but closely linked address, which received 9,081 ETH via THORChain, also converted the assets into 23 million DAI.

Related: DOJ is investigating Coinbase data breach— Report

Coinbase hit with lawsuits after breach

The Coinbase breach, first reported in a filing with the Maine Attorney General’s office, occurred in December 2024 and was discovered on May 11. The stolen data includes names, home addresses and other personal information.

Following the disclosure, the attackers demanded a $20 million ransom in Bitcoin to prevent the release of the stolen data. Coinbase refused and instead offered a $20 million bounty for information leading to the identification of the hackers.

The company estimates a potential financial impact between $180 million and $400 million due to remediation costs and customer compensation.

Coinbase has also faced a wave of lawsuits following the revelation. At least six legal complaints were filed on May 15 and 16, with plaintiffs accusing the exchange of failing to implement adequate security measures and mishandling its response to the breach.

Related: Coinbase data leak could put users in physical danger: TechCrunch founder

THORChain under scrutiny for criminal use

The Coinbase hacker’s use of THORChain to swap $42.5 million worth of Bitcoin into Ether comes as the protocol faces growing scrutiny over its role in facilitating illicit transactions.

In March, the platform came under fire after its swap volume surged following the $1.4 billion Bybit hack. The protocol generated over $5 million in revenue after processing $5.4 billion in swap volume, with over $1 billion moved in a single day.

Blockchain security firms identified North Korea’s Lazarus Group as the main suspect, using THORChain to launder a significant portion of the stolen funds.

The controversy intensified when a THORChain developer, known as “Pluto,” resigned after a vote to block transactions linked to Lazarus was overturned.

Magazine: TradFi is building Ethereum L2s to tokenize trillions in RWAs: Inside story