Coinbase Hacker Taunts ZachXBT After Laundering $42.5M In Bitcoin


The hacker behind the $100 million Coinbase wallet breach in 2022 has moved tens of millions of dollars' worth of Bitcoin and taunted eminent blockchain investigator ZachXBT with an on-chain letter.

Using THORChain, a decentralized cross-chain liquidity system that permits anonymous asset transfers across blockchains, the hacker swapped around 1,101 BTC (worth $42.5 million). ZachXBT spotted this activity on May 20 and reported it on X (formerly Twitter), noting that the hacker moved the money to ThorSwap, a frontend for the THORChain network.

A Bold Move and a Mocking Message

An on-chain message reading "Not a criminal, I’m a coder" arrived at one of ZachXBT’s known wallet addresses shortly after his post.

This remark seems to be a direct reaction to ZachXBT’s ongoing public tracking and labelling of the hacker's activity since the 2022 Coinbase hack. It also implies that the hacker sees himself not as a criminal but as someone exploiting system vulnerabilities, a narrative sometimes cited in grey-hat or black-hat hacking circles.

The 2022 Coinbase Breach: A Recap

Coinbase verified in late 2022 that an unidentified assailant had taken about $100 million in crypto assets from an exchange wallet. The hack raised questions about internal wallet security and flaws in crypto infrastructure, even though it had no direct impact on user accounts or operations.

Until recently, the hacker avoided capture and stayed quiet despite the initial investigations and community-led tracing efforts by people like ZachXBT.

THORChain’s Role and Challenges in Crypto Investigations

Because THORChain enables cross-chain and privacy-centric transactions, which can hide financial flows and impede law enforcement tracking, it has come under investigation. Decentralized systems like THORChain can be abused by bad actors, even though they provide essential interoperability for DeFi ecosystems.

Using THORChain, the alleged Coinbase hacker essentially anonymized their Bitcoin swaps and avoided the restrictions of centralized exchanges, which are usually required to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) laws.

Community Reactions and What’s Next

Known for his exacting blockchain research and public disclosure of frauds, ZachXBT has not publicly responded to the hacker’s letter other than providing the transaction data. On Crypto Twitter, the message has generated conflicting responses: some applaud ZachXBT’s fortitude, while others question the hacker’s ethical posture and motivations.

This incident raises important questions about decentralized anonymity, crypto security, and the evolving cat-and-mouse dynamic between blockchain researchers and exploiters. While some contend that programmers exposing vulnerabilities drive the industry towards more security, others underline that, regardless of motivation, activities involving illegal access and fund transfers remain criminal.

All eyes will be on how investigators handle the matter, as well as whether the hacker will try another well-publicized action.

Damilola Esebame is a finance journalist and content strategist specializing in DeFi, crypto, macroeconomics, and FX. With eight years of editorial experience, he delivers data-backed explainers, interviews, and market updates that turn complex on-chain themes into practical insights. At FinanceFeeds he maps the DeFi landscape—stablecoins, tokenization, liquidity, and policy—linking digital-asset developments to macro drivers and market structure for brokers and platforms.