- Hacker converts stolen Coinbase funds into millions worth of Ethereum.
- Insider collusion linked to Coinbase’s massive $400 million security breach.
- Attacker trades openly on-chain, ignoring ongoing investigations and scrutiny.
The individual behind the May 2025 Coinbase breach is actively converting stolen funds into Ethereum. On-chain data shows the hacker recently purchased 4,863 ETH using $12.5 million in DAI for $2,569 per token.
Authorities have traced the transactions to wallets connected to the exploit, confirming that the attacker now holds $45.36 million in DAI across two addresses. This can be attributed to several trades in which the hacker sold stacks of ETH and later re-entered the market to buy more.
Coinbase has verified that the hack was also enabled by employee collaboration. The exchange says that the fake contractors gave access to a small percentage of the user data. Less than 1 percent of customers had their data leaked, though the leak caused about 400 million dollars in losses.
Also Read: Elon Musk Confirms America Party Will Embrace Bitcoin Over Fiat System
Despite the hackers’ $20 million demand to keep the breach hidden, Coinbase declined to negotiate. Instead, the company revealed the mishap and promised to compensate the affected customers to the fullest extent possible.
Attacker Engages in Strategic Ethereum Trades Amid Ongoing Probe
Blockchain analysts observed the hacker executing calculated moves to maximize value from the stolen assets. Around six weeks ago, the same wallets sold 17,779 ETH for $45.48 million, shortly before repurchasing 207.17 ETH using $536,000 in DAI.
The trades were conducted on THORChain, a decentralized exchange that allows cross-chain swaps. This technique has helped the hacker make fund flows difficult to track, as he has been able to accumulate a position in Ethereum.
All attempts to confiscate the funds or track down the attacker have so far been futile. Strategic behavior is still tracked through on-chain data, which means that the hacker does not have a hurry to leave the market.
Coinbase added that measures were put in place to detect the contractors involved and ensure that such breaches are avoided. Nevertheless, the event demonstrates the persistence of dangers in the crypto market associated with online employees and the transfer of hacked assets within dApps.
The hacker’s Ethereum accumulation strategy following a $400 million exploit has intensified scrutiny from both analysts and law enforcement. As the investigation continues, Coinbase faces pressure to reinforce internal controls and recover the stolen funds.
Also Read: Analyst Says ‘Something Big is Brewing’ as $1.7 Million XRP Shifts From Coinbase
