Coinbase Hacker Taunts ZachXBT, Swaps $42.5M BTC to ETH

Onchain sleuth and blockchain analyst ZachXBT revealed they were mocked by the Coinbase hacker, who on Thursday swapped roughly $42.5m in Bitcoin for Ether on Thorchain.

The hacker appears to have left an on-chain taunt reading “L bozo” aimed at ZachXBT on May 22. The phrase “L bozo” combines internet slang for “loser” with a term for a foolish person.

By stamping this message on the blockchain, the hacker aimed to belittle ZachXBT and show contempt for those pursuing them.

Image Source: Etherscan

Coinbase Refuses $20M Ransom Demand

Last week, Coinbase disclosed that a hacker had bribed a customer service agent to access account details for nearly 97,000 users.

The stolen data included government-issued IDs and potentially email addresses, though passwords and private keys remained secure. After accessing this information, the hacker demanded a $20m ransom, threatening to sell or misuse the records for phishing scams or further social-engineering attacks.

Coinbase refused to pay and instead offered a $20m bounty to capture the perpetrator, later confirming that 69,461 clients’ data had been compromised.

Following the ransom refusal, the hacker has now executed a large-scale token swap, converting $42.5m in BTC into ETH via Thorchain. Subsequently, the attacker sold 8,698 ETH for $22.12m in DAI, a move tracked in real time by on-chain analysts.

Incident Costs May Top $400M

Coinbase revealed the breach occurred in December and only came to light earlier this month. The company said overseas agents were manipulated into copying sensitive records, and it has since terminated the employees involved.

Meanwhile, the US Department of Justice has opened a formal probe into the security lapse at Coinbase. The exchange also announced a bounty program to incentivize tips leading to the culprit’s arrest.

Coinbase estimates that direct and indirect costs tied to the incident could climb as high as $400m. The fallout has forced the company to strengthen its insider-threat safeguards, including enhanced agent screening and real-time transaction monitoring.

As the industry grapples with the attack, observers warn that social engineering remains a constant threat to digital asset firms and call for stricter internal controls to safeguard customer data.