Coinbase Attacker Morphs Into Crypto Troll—Taunts Authorities During Money Laundering Spree

Published: 2025-05-22 14:49:15

Coinbase Hacker Turns Troll, Drops Taunts While Laundering Funds

What do you get when a hacker crosses a meme lord? The latest chapter in crypto’s ongoing security theater.


From Breach to Brazen

The perpetrator behind the Coinbase exploit isn’t just cashing out—they’re live-trolling the cleanup. Blockchain sleuths trace funds zigzagging through mixers while the attacker drops cheeky on-chain messages mocking compliance efforts. Who needs anonymity when you’ve got audacity?


Wash, Rinse, Repeat

Old-school finance would’ve frozen those assets faster than a bank error in your favor. But in DeFi? The money’s already through three privacy pools and two NFT bridges—with a sarcastic tip of the hat to regulators on every transaction. Nothing spices up financial crime like performance art.

Meanwhile, exchange lawyers draft another sternly worded press release. Your move, SEC.

Hacker Leaves Public Blockchain Insult for ZachXBT

The taunt came in the form of an on-chain message, sent via an Ethereum transaction’s input data field, reading “L bozo” — a slang term combining “loser” and a derogatory expression for a fool. The message, posted on May 22, also linked to a meme video of NBA legend James Worthy smoking a cigar.

The provocative move was first flagged by ZachXBT through a post on his Investigations Telegram channel. He identified the sender as the same individual or group responsible for siphoning sensitive data from Coinbase’s customer base in a breach dating back to December 2023.

$42.5M Token Swap Tracked On-Chain

Soon after issuing the taunt, the threat actor initiated a large-scale cryptocurrency swap, converting roughly $42.5 million worth of Bitcoin into Ethereum through Thorchain, a decentralized swapping protocol designed for cross-chain asset transfers. Blockchain records from Etherscan link the transaction to a wallet tagged “Fake_Phishing1158790.”

On-chain analysis revealed that within an hour of the public message, the hacker moved an additional 8,698 ETH, valued at approximately $22.6 million, and later liquidated the tokens for $22.12 million in DAI, a US dollar-pegged stablecoin. These movements were closely monitored by on-chain analysts, who continued to trace the flows in real time.

Coinbase Breach Fallout and Regulatory Scrutiny

The developments come just days after Coinbase formally acknowledged the breach, which affected at least 69,400 users. While login credentials and passwords remained secure, the attackers accessed sensitive customer data, including government-issued identification documents and email addresses.

Following the incident, the hacker demanded a $20 million ransom, threatening to exploit the stolen data for phishing attacks and social-engineering scams if the ransom was not paid. Coinbase declined the demand and instead posted a $20 million bounty for information leading to the attacker’s capture.

Measures Taken Following Breach

In response to the breach, Coinbase has moved to reinforce its internal security infrastructure. Measures include enhanced agent background checks, real-time transaction surveillance, and the launch of a new customer support hub in the U.S. The company estimates that direct and indirect expenses stemming from the incident could reach $400 million.

Furthermore, the U.S. Department of Justice has reportedly opened an investigation into the Coinbase breach. Federal authorities are examining the circumstances around the security lapse and whether any regulatory failings contributed to the incident. 

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
