Coinbase Breach Hacker Trolls ZachXBT with “L Bozo” Meme on THORChain

Coinbase is scrambling to contain the fallout from the data breach that festered for nearly half a year before surfacing in May, just as the attackers began demanding a US$20M (AU$31M) Bitcoin payoff to keep the stolen information under wraps.

On May 21, after moving tens of millions in stolen crypto, the attacker embedded a message in an Ethereum transaction mocking blockchain sleuth ZachXBT with a terse “L bozo”, along with a meme of NBA player James Worthy puffing on a cigar. The move came shortly after the hacker bridged roughly US$42.5M (AU$65M) from Bitcoin to Ethereum using THORChain.

ZachXBT shared the message in his official Telegram channel and linked the same wallet to the Coinbase breach that exposed personal data from nearly 70,000 users.

The timing couldn’t be worse for THORChain, which is still under scrutiny for its role in laundering funds from the Bybit hack earlier this year, a US$1.4B (AU$2.18B) exploit attributed to North Korea’s Lazarus Group. 

Related: Justin Sun to Attend Trump’s Crypto Dinner as SEC Chair Faces Memecoin Probe

Coinbase In Hot Water

The breach, which reportedly occurred in December 2024, remained undetected until mid-May, when it was disclosed in a filing with the Maine Attorney General. Names, home addresses, and other personal data were accessed. 

Coinbase refused to pay, opting instead to post a US$20M bounty for leads on the attackers’ identities.

The financial consequences could be severe. The exchange estimates remediation costs between US$180M (AU$280M) and US$400M (AU$623M), an expensive mix of legal fees, customer reimbursements, and system overhauls. 

At least six lawsuits landed within days of the disclosure, with plaintiffs accusing Coinbase of inadequate safeguards and a sluggish response.

Related: Scammed to Scammer: Aussie Banker Used Insider Knowledge to Steal $500k