In a brazen move, the hacker responsible for the recent $42.5 million Coinbase theft has reemerged—swapping the funds via THORChain and mocking blockchain investigator ZachXBT with an on-chain message. The taunt, posted as part of a transaction, has shocked the crypto community and reignited conversations about the risks of decentralized money laundering.
“You can’t catch what’s already free,” the hacker wrote in a THORChain memo field—directly addressing ZachXBT, a well-known on-chain analyst and crypto scam investigator.
How the $42.5M Swap Went Down
The attacker reportedly used THORChain, a cross-chain liquidity protocol, to move the stolen funds from Ethereum-based assets to Bitcoin, effectively breaking chain traceability. By routing the funds through a decentralized, non-KYC platform, the hacker obscured the source and destination of the assets.
Blockchain forensics firms confirmed that the swap took place over several hours, with multiple wallets used to split and reallocate the ETH before moving into BTC.
“The use of THORChain was a strategic decision to exploit gaps in cross-chain compliance,” said a report from blockchain security firm PeckShield.
ZachXBT Responds to the Provocation
ZachXBT, known for exposing crypto scams and tracking stolen funds, responded to the hacker’s message on X (formerly Twitter), saying:
“Enjoy your time in the shadows. You won’t be there forever.”
The exchange has drawn widespread attention, highlighting the ongoing cat-and-mouse dynamic between cybercriminals and blockchain investigators.
Coinbase Hack Still Under Investigation
The original $42.5 million exploit targeted Coinbase’s internal infrastructure in late April, compromising hot wallets linked to ETH and other ERC-20 tokens. While Coinbase has yet to reveal full details, sources familiar with the investigation suggest that the breach involved both social engineering and security lapses.
So far, no funds have been recovered, and the attacker remains unidentified. Coinbase has reportedly cooperated with U.S. federal agencies and private forensic firms, but the trail has gone cold—especially after the THORChain transaction.
What This Means for Crypto Security
This incident exposes the serious challenges facing blockchain security and compliance, particularly with decentralized and cross-chain protocols like THORChain. While decentralization is a key innovation, it also creates new vulnerabilities that malicious actors can exploit.
“Until there’s a unified global response, these types of attacks will continue,” noted a cybersecurity expert from Chainalysis.
Conclusion
The Coinbase hacker’s trolling of ZachXBT after laundering $42.5 million via THORChain reveals just how emboldened modern crypto criminals have become. It also underscores the urgent need for improved cross-chain tracking and regulatory coordination to combat these evolving threats.