In April 2024, an unnamed merchant account on Coinbase Commerce made a number of suspicious transactions with USDC for a total of $15.97 million. According to online detective ZachXBT, the funds were stolen by an attacker.
1/ Earlier this year in April 2024 a Coinbase Commerce contract saw $15.9M of suspicious outflows indicating a merchant had potentially been exploited.
Shortly after a threat actor with the alias ‘Excite’ began showing off the stolen funds in chats.
Let’s dive in. pic.twitter.com/srM7ksPXPa
— ZachXBT (@zachxbt) December 10, 2024
According to the investigation, the money was withdrawn over 16 hours through more than 1,700 transactions, each for less than $10,000, likely to circumvent the exchange's AML systems.
Part of the list of suspicious transactions. Data: ZachXBT.
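The pattern described above (many transfers each below a per-transaction threshold, adding up to a large total) is what an aggregate rule over a rolling window is meant to catch. The following is an added example, not code from ZachXBT or Coinbase: the rule parameters, account names and transfer data are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed rule parameters (hypothetical; tune to the merchant's normal profile).
PER_TX_LIMIT = 10_000          # per-transaction review threshold, USD
WINDOW = timedelta(hours=24)   # rolling look-back window
MIN_COUNT = 20                 # sub-threshold transfers needed to alert
MIN_TOTAL = 5 * PER_TX_LIMIT   # aggregate value needed to alert

def detect_structuring(transfers):
    """transfers: time-ordered iterable of (timestamp, account, amount_usd).
    Returns {account: (alert_time, count, total)} for accounts whose
    sub-threshold outflows inside one rolling window exceed both limits."""
    windows = defaultdict(deque)   # account -> deque of (timestamp, amount)
    totals = defaultdict(int)      # account -> sum of amounts in its window
    alerts = {}
    for ts, account, amount in transfers:
        if amount >= PER_TX_LIMIT:
            continue               # left to the ordinary per-transaction rule
        win = windows[account]
        win.append((ts, amount))
        totals[account] += amount
        while ts - win[0][0] > WINDOW:          # evict entries older than WINDOW
            totals[account] -= win.popleft()[1]
        if (account not in alerts and len(win) >= MIN_COUNT
                and totals[account] >= MIN_TOTAL):
            alerts[account] = (ts, len(win), totals[account])
    return alerts

def constructed_sample():
    """Constructed data: merchant-A drains in 1,700 transfers of $9,400 over
    16 hours; merchant-B makes a handful of ordinary payouts."""
    start = datetime(2024, 4, 1)
    step = timedelta(hours=16) / 1700
    rows = [(start + i * step, "merchant-A", 9_400) for i in range(1700)]
    rows += [(start + timedelta(hours=h), "merchant-B", 2_500)
             for h in range(0, 16, 4)]
    rows.append((start + timedelta(hours=3), "merchant-B", 40_000))
    return sorted(rows)

if __name__ == "__main__":
    for acct, (ts, n, total) in detect_structuring(constructed_sample()).items():
        print(f"{acct}: alert at {ts}, {n} transfers totalling ${total:,}")
```

With these assumed limits the rule fires on the 20th sub-threshold transfer, about eleven minutes into the constructed 16-hour run, while the account with normal payouts stays quiet.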
First, the USDC was moved to the Polygon network, and then to Ethereum. There, the assets were converted into ETH and split across three addresses.
Most of the coins have been dormant since then, but some were sent to the eXch automatic exchange and the Stake protocol.
ZachXBT discovered that within a month of the attack, the attacker began flaunting his wealth on social networks. During a private conversation on Telegram, the hacker confirmed control of the address where $6 million of the stolen amount was stored.
He also claimed to own an Instagram profile with the nickname Excite and unsuccessfully tried to buy a Telegram account with the same name for $2,000.
Among other things, the owner of the profile identified by the investigator showed off expensive watches and tame monkeys.
Based on data from open sources, ZachXBT came to the conclusion that the attacker is located in Denmark.
Several commenters took note of the post, which allegedly shows the hacker’s face.
Presumably, the hacker was helped by accomplices. The detective said he has sufficient evidence to bring the perpetrators to justice.
The identity of the victim is still unknown. The platform did not disclose details of the incident.
The investigator himself and commentators on social networks were surprised that the Coinbase security system did not detect or prevent the attack.
Some noted that the platform applies different standards to private and corporate clients and does not limit transactions for large accounts, so as not to inconvenience them.
Another commenter said it was comical that Coinbase’s security system could be bypassed by making a few small transactions.
According to ZachXBT, the investigation is ongoing.
Source: Cryptocurrency