Hackers Cynically Launder Millions Stolen from Coinbase, Taunting Investigators with Memes
A hacker, yet to be identified, has been laundering tens of millions of dollars in stolen cryptocurrency while publicly mocking blockchain investigators tracking their activities.
The perpetrator, as indicated by on-chain evidence, recently transformed 8,697 Ether into 22 million DAI, a stablecoin pegged to the US dollar. Simultaneously, another address suspected to be associated with the same operation, which had received 9,081 Ether via THORChain, was utilized to convert the funds into an additional $23 million in DAI.
These transactions, flagged by PeckShield, suggest an attempt to move the illicit funds into stable assets as part of a broader money laundering strategy.
The attacker has also exhibited an unusual degree of audacity, taunting cryptocurrency sleuth ZachXBT using Ethereum's transaction message field. The message, which simply stated "L bozo," accompanied a clip of NBA legend James Worthy smoking a cigar.
ZachXBT, who shared this taunt on his Telegram channel, confirmed that the sender of this message links to the entity responsible for the breach that compromised tens of thousands of Coinbase users.
This latest round of transactions and taunts comes after Coinbase admitted that the breach affected at least 69,400 users, stemming from a campaign that began in December 2024 but was not discovered until May 2025. According to filings with the Maine Attorney General's office, the attacker bribed Coinbase customer support personnel to gain internal access to users' data.
The scale of the breach is considerable, involving the theft of sensitive personal and financial data, such as full identities, contact information, account balances, and transaction histories. Coinbase rejected a $20 million ransom demand from the hacker in exchange for deleting the stolen data.
Coinbase is also facing a class-action lawsuit from Illinois residents who accuse the crypto exchange of unlawfully collecting and sharing their biometric data during identity verification. Filed on May 13, the suit alleges violations of Illinois' Biometric Information Privacy Act (BIPA) by capturing facial geometry from selfies and ID photos without obtaining user consent or providing proper disclosure.
The biometric data was reportedly analyzed by third-party vendors such as Jumio, Onfido, Au10tix, and Solaris. Plaintiffs also claim Coinbase refused to pay arbitration fees for over 10,000 individual cases, leading to their dismissal.
The lawsuit includes three counts of BIPA violations and one count of consumer fraud under Illinois law. Plaintiffs seek $5,000 per intentional violation and $1,000 per negligent one, as well as a court order to halt the practices and cover legal costs.
[Source: Reuters, Bloomberg, The Wall Street Journal]
- The hacker, using Ethereum's transaction message field, mocked cryptocurrency sleuth ZachXBT by sending a message linked to the perpetrator responsible for the breach that affected tens of thousands of Coinbase users.
- Simultaneously, the cybercriminal transformed a large amount of Ethereum into two stable assets, DAI, leading investigators to suspect an attempt at cybersecurity evasion as part of a broader money laundering strategy.
- This latest round of transactions and taunts comes as Coinbase contends with its biggest cybersecurity crisis yet, including a class-action lawsuit over unlawful collection and sharing of biometric data for identity verification, violating Illinois' Biometric Information Privacy Act (BIPA).
