In an audacious display of digital bravado, the hacker responsible for the recent Coinbase data breach has taunted blockchain sleuth ZachXBT with an onchain message, mere hours after executing a significant cryptocurrency swap. On May 21, the perpetrator inscribed “L bozo” in Ethereum transaction data, accompanied by a meme of NBA legend James Worthy enjoying a cigar. This cheeky move followed the hacker’s conversion of approximately $42.5 million from Bitcoin to Ether using THORChain, a decentralized exchange protocol.
A Bold Move in the Crypto Underworld
The Coinbase breach, initially discovered in May 2024 but only coming to public attention through a filing with the Maine Attorney General’s office, has rocked the cryptocurrency community. The attack compromised the personal data of at least 69,400 users, including sensitive information like names and addresses. In response to the breach, the attackers demanded a hefty $20 million ransom in Bitcoin. Coinbase, however, refused to capitulate, opting instead to offer a $20 million bounty for information leading to the hackers’ capture. This incident comes on the heels of Coinbase’s involvement in a Supreme Court case defending user data privacy, as detailed in our report on Coinbase’s legal battles.
ZachXBT, a well-known blockchain investigator, highlighted the hacker’s taunting message on his Telegram channel, linking it to the same entity behind the Coinbase incident. The mischievous gesture underscores the hacker’s apparent confidence—or perhaps recklessness—in evading capture even as blockchain security firm PeckShield reported ongoing fund movements. Just a day later, on May 22, the hacker swapped 8,697 ETH for 22 million Dai (DAI), further muddying the financial trail.
Fallout and Legal Repercussions
The repercussions for Coinbase have been steep. The company faces a potential financial impact estimated between $180 million and $400 million due to remediation efforts and customer compensation. The fallout has also sparked a surge of legal actions, with at least six lawsuits filed against the exchange on May 15 and 16. Plaintiffs accuse Coinbase of inadequate security measures and a bungled response to the breach, raising questions about the platform’s ability to safeguard user data. This legal turmoil is reminiscent of the recent Movement Labs scandal, where controversies surrounding Coinbase’s delisting decisions have also made headlines.
Adding to the complexity, THORChain—the protocol used for the hacker’s substantial crypto swap—finds itself under scrutiny. This isn’t the first time THORChain has been spotlighted for facilitating illicit transactions. Just last March, its swap volume soared following a $1.4 billion hack on Bybit, with the protocol reportedly generating over $5 million in revenue from the ensuing activity. Blockchain security experts have pointed fingers at North Korea’s infamous Lazarus Group, alleging their involvement in laundering funds through THORChain.
THORChain Under the Microscope
As the crypto community grapples with the implications of these developments, THORChain’s role as a haven for questionable transactions remains a contentious topic. The platform’s decentralization, while a hallmark of blockchain technology, has also made it a preferred tool for those seeking to obfuscate their digital trails. In a dramatic turn, THORChain developer “Pluto” resigned after a community vote to block transactions linked to the Lazarus Group was overturned, further fueling the debate on the protocol’s governance and security.
With blockchain technology’s promise of transparency and security, incidents like the Coinbase breach and THORChain’s controversial use pose significant challenges. They highlight the delicate balance between decentralization and accountability, prompting a reevaluation of how these systems can be both open and secure.
As the saga unfolds, the crypto world waits with bated breath for the next twist in this digital drama. Will the hacker’s brazen taunts lead to their downfall, or will they continue to elude justice? And what measures will exchanges like Coinbase and protocols like THORChain take to restore trust and security in the eyes of their users? Only time will tell, but one thing is certain—this story is far from over.
Source
This article is based on: Coinbase hacker trolls ZachXBT onchain after $42.5M THORChain swap

Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com, which he ran for four years and led to being fully acquired in 2025.