Date: 2025-05-22

The hacker behind the massive Coinbase data breach is not only laundering tens of millions in stolen crypto but has also resorted to public mockery of blockchain sleuths attempting to track their activity.

On-chain evidence shows that the attacker recently converted 8,697 ETH into 22 million DAI, a dollar-pegged stablecoin. Around the same time, a separate address – believed to be part of the same operation and which had received 9,081 ETH via THORChain – was used to convert those funds into another $23 million in DAI.

The transactions, flagged by PeckShield, indicate an effort to move the illicit funds into stable assets, as part of a broader money laundering strategy.

On-Chain Troll

What makes this case especially brazen is the attacker’s decision to taunt ZachXBT, a well-known crypto sleuth, using Ethereum’s transaction message field to deliver an insult and a meme video link. The message, simply stating “L bozo,” was followed by a clip of NBA legend James Worthy smoking a cigar.

ZachXBT, who posted about the taunt on his Telegram channel, confirmed that blockchain evidence links the sender of this message to the same entity responsible for the breach that compromised tens of thousands of Coinbase users.

These latest transactions and taunts arrive in the wake of Coinbase’s admission that the breach affected at least 69,400 users and stemmed from a campaign that began in December 2024 but was only discovered in May 2025. According to disclosures filed with the Maine Attorney General’s office, the attacker bribed Coinbase customer support personnel to gain internal access to user data.

The scope of the breach is severe and includes compromised information such as users’ full identities, contact information, account balances, and transaction histories. Coinbase has said it rejected a $20 million ransom demand from the hacker in exchange for deleting the stolen data.

Unauthorized Biometric Data Collection

Coinbase is also facing a class-action lawsuit from Illinois residents who claim the crypto exchange unlawfully collected and shared their biometric data during identity verification. Filed on May 13, the suit accuses the crypto exchange of violating Illinois’ Biometric Information Privacy Act (BIPA) by capturing facial geometry from selfies and ID photos without obtaining user consent or providing proper disclosure.

The biometric data was allegedly analyzed by third-party vendors such as Jumio, Onfido, Au10tix, and Solaris. Plaintiffs also claim Coinbase refused to pay arbitration fees for over 10,000 individual cases, which led to their dismissal.

The lawsuit includes three counts of BIPA violations and one count of consumer fraud under Illinois law. Plaintiffs are seeking $5,000 per intentional violation and $1,000 per negligent one, as well as a court order to halt the practices and cover legal costs.