Hacker Behind Coinbase Data Breach Swaps $42 Million, Mocks ZachXBT

In an Ethereum transaction dated May 21, the hacker added a short note, "L bozo" along with a video of basketball player James Worthy smoking a cigar.

This was done after the hacker swapped around $42.5 million in Bitcoin BTC $89,415.80 for Ethereum ETH $3,046.03 using the THORChain RUNE $0.6591 platform.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How Do KYC & AML Work in Crypto? (Explained)

SUBSCRIBE

ON YOUTUBE

ZachXBT pointed out the message on his Telegram channel and said it came from the same wallet involved in the breach that affected nearly 70,000 Coinbase $690.21M users.

On May 22, blockchain security firm PeckShield reported more transactions from the hacker. One wallet exchanged 8,697 ETH for about $22 million in the DAI DAI $1.00 stablecoin. Another wallet, which had received 9,081 ETH through THORChain, swapped its funds for roughly $23 million in DAI.

The original breach happened in December 2024 but was not found until May 11, 2025. According to a filing with Maine’s Attorney General, the hackers accessed names, addresses, and other private details.

The hacker asked for a $20 million ransom in Bitcoin to keep the data from being leaked. However, Coinbase refused and instead offered the same amount as a reward for information that could help identify those behind the attack.

On May 13, the Layer-2 scaling solution ZKsync and its development team, Matter Labs, experienced a security incident. How? Read the full story.