ZachXBT recently identified a $15.9 million theft targeting a vendor on Coinbase Commerce. Coinbase’s AML did not detect the suspicious activity, and it is currently unclear how the attack occurred.

Some on-chain data and other clues from the culprit’s social media bragging may help reveal his identity, but the investigation is ongoing. As of yet, the victim has not come forward either, complicating the search.

ZachXBT Finds Coinbase Commerce Theft

ZachXBT, a famous crypto sleuth, revealed the progress of this investigation via social media posts. Zach claimed that the initial theft occurred on April 21, in more than 1700 suspicious USDC outflows.

The culprit swiftly bridged stolen USDC worth over $15.9 million to Polygon and then Ethereum. Afterward, this was split into three wallets, and the majority remained dormant.

The criminal has kept his true identity a secret but nevertheless began flexing luxury purchases under the username “Excite.” His face was partially identifiable in some photos, and metadata suggests he may be in Denmark.

ZachXBT stated that he might be able to identify Excite’s real name, but he still had an important question: how did this person breach Coinbase’s security?

“While the identity of the victim in this case remains unknown, it’s clear a strong lead exists to potentially hold this threat actor legally accountable. Due to how the funds were split three ways, I would expect others may have been involved. One question I would have is why did Coinbase’s AML monitoring not flag this suspicious activity within 16 hours,” he

Go to Source to See Full Article
Author: Landon Manning