Coinbase Data Breach Attacker Launders $42.5M via THORChain, Posts Message On-Chain

In Brief:

Hacker converted $42.5 million in BTC to ETH using THORChain after bribing Coinbase support staff.

Published a provocative on-chain message via transaction metadata, including a link to a video.

A hacker linked to the recent Coinbase insider data breach has transferred over $42.5 million worth of Bitcoin to Ethereum via the cross-chain liquidity protocol THORChain, according to blockchain analyst ZachXBT.

The attacker is believed to have bribed Coinbase customer support contractors to obtain sensitive user data, as previously reported. In a new twist, the attacker executed a series of transactions to obfuscate the stolen funds and then published an on-chain message in the metadata of a transaction. The message included a YouTube video link featuring a short clip intended to provoke attention online.

The on-chain transaction in question (hash: 0x18c909a8...) appears to be a calculated move to mock investigators while signaling the attacker’s confidence in escaping traceability.

This case highlights the increasing use of decentralized protocols like THORChain for cross-chain laundering, making fund tracing more complex. The transfer also underscores rising concerns around insider threats in centralized exchanges and the challenges in securing user data.

Law enforcement has not yet disclosed the identity of the attacker, and Coinbase has yet to issue a statement on the on-chain message. Investigations by the FBI and blockchain analytics firms are ongoing.

‍