Hacker Behind $400M Coinbase Heist Buys Millions in ETH, Still Uncaught

Coinbase hacker has converted millions into Ethereum, using THORChain to avoid tracking and remains uncaught.

Fridah Kangai
July 8, 2025
2:49 pm

Fridah Kangai

Fridah Kangai is a dedicated crypto journalist with a sharp eye for market trends, blockchain innovation, and digital asset movements. She specializes in breaking down complex topics into clear, engaging stories for both seasoned investors and curious newcomers. With a passion for decentralization and a pulse on the ever-evolving crypto space, Fridah delivers timely, accurate, and insightful coverage. Her work bridges the gap between technology and everyday understanding in the world of cryptocurrency.

Hacker behind $400M Coinbase exploit buys 4,863 ETH with stolen funds.
Transactions traced to decentralized platform THORChain complicate recovery.
Wallets linked to hacker still hold over $45 million in stablecoins.

A hacker linked to the $400 million Coinbase breach is steadily converting stolen funds into Ethereum. On-chain data confirmed a recent transaction involving 4,863 ETH purchased for $12.5 million in DAI at $2,569 per token.

Two of the wallets attributed to the attacker now contain more than $45 million of DAI. The regular ETH purchase indicates the scheme of gradually accumulating them in the long term.

Coinbase acknowledged that third-party fraudulent contractors committed the breach. They are said to have given the hacker limited access to user data.

A hacker who stole funds from a #Coinbase user has bought 4,863 $ETH for $12.5M $DAI at a price of $2,569.

The hacker still holds $45.36M $DAI across 2 different wallets and is likely to buy more $ETH.

Address: 0xb574d779c391eac47fa09b6e50cb79cccb57a8c8$DAI Holding Addresses:… https://t.co/zquj05yczI pic.twitter.com/Mloq2SoYEb
— Onchain Lens (@OnchainLens) July 7, 2025

After the breach, the company was asked to pay a ransom of $20 million, which was declined. Instead, it offered a complete refund to all the affected users.

Even with the investigation, the attacker is still unknown. Transactions still occur on decentralized platforms, and they are very hard to track.

Hacker Shifts Strategy with Ethereum Focus

About six weeks ago, the hacker sold 17,779 ETH for 45.48 million dollars in two known wallets. Selling each token for $2,558 reached the average price.

Immediately after that sale, 207.17 ETH was repurchased with 536k of DAI. The trades were made on a decentralized trading platform, THORChain, which is famous for offering the possibility of swapping with native assets.

THORChain also does not have intermediaries, enabling traders to avoid using centralized exchanges. This makes any attempt to intercept or freeze stolen assets

. The problematic, gradual pattern of selling and buying in the ETH movements shows evidence of a calculated plan. Ethereum seems liquid and flexible, so much so that the hacker appears to prefer it.

Coinbase reacted by attempting a complete internal review and promising to mitigate contractor risks and improve system protectors.

According to industry specialists, the hack is a sign of a threat of increasing insider access to crypto operations. Third-party-based platforms are particularly susceptible.

The owner of the Coinbase heist is still at large, as the hacker continues to cash in on Ethereum. As the stolen money is still on the move, decentralized tools assist anonymity.

Also Read: Vitalik Buterin Unveils Bold Plan to Make Ethereum Simple for Everyone