A hacker linked to a data breach affecting Coinbase users taunted blockchain sleuth ZachXBT on May 21 by embedding a mocking message in an Ethereum transaction.
The attacker first moved roughly $42.5 million from Bitcoin to Ether using THORChain, then used transaction input data to write “L bozo” alongside a meme video of former NBA star James Worthy smoking a cigar.
On-Chain Taunt
The mocking message appeared directly on Ethereum’s public ledger. By embedding the insult and meme video reference into the transaction data field, the hacker ensured it would be visible to anyone examining the blockchain.
ZachXBT flagged the on-chain message on his Telegram channel, identifying it as the same actor behind the breach that exposed personal data of at least 69,400 Coinbase users.
Major Crypto Swap
This move drew attention because of its size and how it was linked to the taunting message. The sequence underlined both the hacker’s technical skill and their willingness to flaunt their actions publicly.
Earlier disclosures revealed that the same attacker was responsible for a Coinbase security lapse. On May 11, Coinbase discovered that data for over 69,400 users had been compromised.
Also Read: Sequoia Capital’s Roelof Botha Hit in Coinbase Data Hack, Personal Data Exposed
The breach dated back to December of the previous year. Details included in the filing with the Maine Attorney General’s office confirmed that the personal information was at risk, leading to widespread concern among users and regulators.
Continued Fund Movement
On May 22, blockchain security firm PeckShield reported that the hacker continued to shift assets. One address moved 8,697 ETH into 22 million DAI, while a separate but connected address, which had received 9,081 ETH via THORChain, converted its holdings into 23 million DAI.
These additional swaps underscored the attacker’s rapid conversion of stolen or illicitly obtained funds, likely aimed at complicating any efforts to trace or recover the assets.
Ransom Demand and Legal Fallout
Following the breach disclosure, the hacker demanded a $20 million ransom in Bitcoin, threatening to release the stolen data if Coinbase did not comply. Coinbase refused to pay, instead offering the same $20 million as a bounty for information leading to the hacker’s capture.
Meanwhile, several lawsuits have been filed against the exchange. At least six legal complaints arrived on May 15 and 16, with plaintiffs alleging that Coinbase failed to secure user data and mishandled the breach response.
As these events unfold, the hacker’s public taunt has become emblematic of growing challenges in crypto security and accountability.
Also Read: Coinbase Faces SEC Scrutiny Amid Exchange Breach But Growth Outlook Remains Strong