This month has turned out to be another unlucky one: once again there is news of a Coinbase exploit. A hacker moved $42.5M via THORChain and left an on-chain message, as noted by ZachXBT.
What’s Going On with Coinbase Security?
Not long ago, we covered a Coinbase security incident involving losses of up to $400M and a sensitive data breach affecting 69,461 individuals – and it’s not over yet. After several weeks of dormancy, an address linked to the largest attack on Coinbase this year has begun actively moving assets through THORChain.
More specifically, the attacker converted $42.5M in BTC into ETH using THORChain’s non-custodial swap mechanism, and along the way took a jab at ZachXBT, whom you might remember for his active contribution to the investigation of the Bybit security incident. That said, Bybit recovered at record speed, and we recommend checking out our detailed analysis on whether the Bybit case should be called a “hack” and how secure Bybit is.
Back to the Coinbase losses and the laundering attempts. Shortly after the transaction, a message appeared: “L bozo,” accompanied by a link to a video of NBA player James Worthy.

ZachXBT confirmed in his channel that the message was directed at him and responded with a hint of irony.

Later, PeckShield reported that one of the addresses, which received 8,697 ETH, subsequently converted the funds into 22M DAI. A second address linked to the exploit received an additional 8,569 ETH and initiated similar fund-splitting and conversion moves. Over 17,000 ETH were involved, most of which were distributed across multiple wallets and tokenized into DAI.
#PeckShieldAlert The threat actor who stole $300M+ from #Coinbase users by bribing customer support and sending #ZachXBT on-chain msg has swapped 8,697 $ETH for 22M DAI.
— PeckShieldAlert (@PeckShieldAlert) May 22, 2025
Another highly relevant address, which received 9,081 $ETH from #THORChain, has swapped them for 23M DAI. pic.twitter.com/nUWZbCfz0R
Conclusion
Once again, we’re reminded that a system’s security is only as strong as its weakest point. Moreover, security isn’t just about technology but also about policy and process. Increasingly, systems are being compromised through third-party providers or human vectors. This demands significantly more attention and caution – from top-tier platforms and individual users alike. Stay alert and informed.