Coinbase Hacker Flips $42.5M BTC to ETH—Then Trolls ZachXBT

A brazen crypto thief just pulled off a high-stakes asset shuffle—converting a staggering $42.5 million in Bitcoin to Ethereum—before taunting blockchain sleuth ZachXBT. Talk about adding insult to injury.

The move reeks of either calculated laundering or sheer arrogance—take your pick. Meanwhile, the ’security-first’ exchange stays silent. Classic finance theater.

Image Source: Etherscan

Coinbase Refuses $20M Ransom Demand

Last week, Coinbase disclosed that a hacker had bribed a customer service agent to access account details for nearly 97,000 users.

The stolen data included government-issued IDs and potentially email addresses, though passwords and private keys remained secure. After accessing this information, the hacker demanded a $20m ransom, threatening to sell or misuse the records for phishing scams or further social-engineering attacks.

Coinbase refused to pay and instead offered a $20m bounty to capture the perpetrator, later confirming that 69,461 clients’ data had been compromised.

Following the ransom refusal, the hacker has now executed a large-scale token swap, converting $42.5m in BTC into ETH via Thorchain. Subsequently, the attacker sold 8,698 ETH for $22.12m in DAI, a MOVE tracked in real time by on-chain analysts.

According to ZachXBT, the hacker accused of stealing Coinbase user data swapped approximately $42.5 million worth of BTC for ETH via THORChain and left a taunting message on-chain. The hacker had previously bribed a customer service agent to obtain information on nearly 97,000…

Incident Costs May Top $400M

Coinbase revealed the breach occurred in December and only came to light earlier this month. The company said overseas agents were manipulated into copying sensitive records, and it has since terminated the employees involved.

Meanwhile, the US Department of Justice has opened a formal probe into the security lapse at Coinbase. The exchange also announced a bounty program to incentivize tips leading to the culprit’s arrest.

Coinbase estimates that direct and indirect costs tied to the incident could climb as high as $400m. The fallout has forced the company to strengthen its insider-threat safeguards, including enhanced agent screening and real-time transaction monitoring.

As the industry grapples with the attack, observers warn that social engineering remains a constant threat to digital asset firms and call for stricter internal controls to safeguard customer data.