ZachXBT recently confirmed a theft of $15.9 million targeting vendors on Coinbase Commerce. Coinbase’s AML did not detect any suspicious activity, and it is currently unclear how the attack occurred.
Some on-chain data and other clues from the culprit’s social media boasts may help reveal his identity, but the investigation is ongoing. The search is becoming more complicated as no victims have been found yet.
ZachXBT discovers Coinbase commerce theft
ZachXBT, a renowned cryptocurrency detective, revealed the progress of this investigation in a social media post. Zach claimed that the first theft occurred on April 21, with a suspicious outflow of over 1,700 USDC.
The culprit quickly linked stolen USDC worth more than $15.9 million to Polygon and Ethereum. It has since been split into three wallets, most of which remain dormant.
Although the criminal kept his identity secret, he nevertheless began purchasing luxury goods under the username “Excite.” His face was partially identifiable in some of the photos, and metadata showed he was likely in Denmark.
ZachXBT said he would be able to identify Excite’s real name, but there was still an important question. How did this person compromise Coinbase’s security?
“While the identity of the victim in this case is not yet known, it is clear that strong leads exist that could potentially hold this threat actor accountable. It is expected that others will also participate, as the funds were split three ways. “One of the questions I would like to have is why Coinbase’s AML monitoring did not flag this suspicious activity within 16 hours,” he said.
Interestingly, Coinbase has a poor history with AML monitoring. Last year, it was fined $50 million for violating compliance laws. Commenters on Zach’s post complained that the company was too keen on restricting law-abiding accounts, but this major crime went completely undetected.
Last month, ZachXBT investigated another scammer impersonating Coinbase Support. In early February, Coinbase Commerce suspended Bitcoin payments due to “operational obstacles.” But obviously the platform needs to compensate for potential problems.
Unfortunately, because the victim did not come forward, little information is known other than the identity of Coinbase as a commerce company. We hope that continued investigation will reveal more information.
disclaimer
In compliance with Trust Project guidelines, BeInCrypto is committed to unbiased and transparent reporting. These news articles aim to provide accurate and timely information. However, before making any decisions based on this content, readers are encouraged to check the facts and consult with experts. Our Terms of Use, Privacy Policy and Disclaimer have been updated.