Coinbase Hacker Taunts ZachXBT After $42.5M THORChain Swap

The hacker responsible for the Coinbase data breach, impacting over 69,400 users, has added insult to injury. Following a substantial cryptocurrency transaction, the perpetrator left a taunting on-chain message directed at blockchain investigator ZachXBT.

On May 21st, utilizing Ethereum transaction input data, the hacker defiantly inscribed “L bozo,” accompanied by a meme video featuring NBA star James Worthy enjoying a cigar. This provocative act followed the attacker’s conversion of approximately $42.5 million in Bitcoin (BTC) to Ether (ETH) through THORChain.

ZachXBT promptly highlighted this message on his Telegram channel, directly linking it to the individual behind the Coinbase data breach. This breach, affecting tens of thousands of users, resulted in the exposure of sensitive personal information.

The subsequent days saw the hacker’s continued movement of funds. PeckShield, a blockchain security firm, reported further transactions, including the exchange of 8,697 ETH for 22 million Dai (DAI). A related address also converted 9,081 ETH into 23 million DAI, showcasing a calculated effort to obfuscate the stolen funds.

Related: DOJ Investigates Coinbase Data Breach

Lawsuits and Fallout from the Coinbase Breach

The Coinbase breach, initially reported in December 2024 and discovered in May 2025, involved the theft of names, addresses, and other personal data. The attackers initially demanded a $20 million ransom, a demand Coinbase refused, instead offering a bounty for information leading to the perpetrators’ identification.

The estimated financial impact on Coinbase ranges from $180 million to $400 million, encompassing remediation costs and potential customer compensation. The company has also faced multiple lawsuits, with plaintiffs accusing Coinbase of negligence and inadequate security measures.

Related: Coinbase Data Leak Poses Physical Risks

THORChain’s Involvement Under Scrutiny

The hacker’s utilization of THORChain to launder funds has intensified scrutiny on the protocol’s role in facilitating illicit transactions. THORChain’s high volume processing following the Bybit hack further fueled these concerns.

The resignation of a THORChain developer after a failed vote to block transactions linked to Lazarus Group highlights the ongoing debate surrounding the platform’s responsibility in combating illicit activities.

Magazine: TradFi Building Ethereum L2s to Tokenize Trillions in RWAs