Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

The Coinbase data breach, discovered on May 11th, 2025, and initially reported in a filing with the Maine Attorney General’s office, resulted in the theft of sensitive user data, including names, home addresses, and other personal information affecting at least 69,400 users. The attackers demanded a $20 million ransom in Bitcoin, a demand Coinbase refused, instead offering a $20 million bounty for information leading to the arrest of the perpetrators. The company estimates potential financial repercussions between $180 million and $400 million, encompassing remediation costs and customer compensation. This breach has sparked multiple lawsuits filed against Coinbase, with plaintiffs alleging inadequate security measures and poor handling of the incident. Some legal experts suggest the data leak could even put users in physical danger.
Adding to the complexities of the situation, the hacker responsible for the breach has openly taunted blockchain investigator ZachXBT. Following a significant cryptocurrency swap of approximately $42.5 million from Bitcoin to Ether via THORChain, the hacker used an on-chain message to mock ZachXBT, further escalating the situation. This action occurred after the attacker swapped a substantial amount of Bitcoin (BTC) to Ether (ETH) through THORChain. Subsequent blockchain analysis by PeckShield revealed continued movement of funds, with the hacker converting significant amounts of ETH to DAI. The use of THORChain in this illicit activity brings renewed scrutiny to the platform, which has faced criticism previously for its involvement in facilitating transactions linked to other major hacks, such as the $1.4 billion Bybit hack where North Korea’s Lazarus Group was suspected of using THORChain for money laundering. The resignation of a THORChain developer, “Pluto,” following a controversial vote against blocking transactions linked to Lazarus, further highlights concerns surrounding the protocol’s role in facilitating illicit activities. The Coinbase breach and the hacker’s provocative actions underscore significant vulnerabilities within the cryptocurrency ecosystem and highlight the ongoing challenges in combating cybercrime and ensuring user security.