Coinbase Hacker Buys Millions in Ethereum After $400M Insider-Linked Exploit

• Hacker converts stolen Coinbase funds into millions worth of Ethereum.
• Insider collusion linked to Coinbase’s massive $400 million security breach.
• Attacker trades openly on-chain, ignoring ongoing investigations and scrutiny.

The individual behind the May 2025 Coinbase breach is actively converting stolen funds into Ethereum. On-chain data shows the hacker recently purchased 4,863 ETH using $12.5 million in DAI at a price of $2,569 per token.

Authorities have traced the transactions to wallets connected to the exploit, confirming that the attacker now holds $45.36 million in DAI across two addresses. This can be attributed to a number of trades in which the hacker sold stacks of ETH and later re-entered the market to buy more.

Coinbase has verified that the hack was also enabled by employee collaboration. The exchange says that the fake contractors gave access to a small percentage of the user data. Less than 1 percent of customers had their data leaked, though the leak caused about 400 million dollars in losses.

Despite the hackers’ $20 million demand to keep the breach hidden, Coinbase declined to negotiate. Instead, the company revealed the mishap and promised to compensate the affected customers to the fullest extent possible.

The eyes are still on the investigation into the actors involved internally, and Coinbase assured that it is of improved security.

Also Read: Elon Musk Confirms America Party Will Embrace Bitcoin Over Fiat System

Attacker Engages in Strategic Ethereum Trades Amid Ongoing Probe

Blockchain analysts observed the hacker executing calculated moves to maximize value from the stolen assets. Around six weeks ago, the same wallets sold 17,779 ETH for $45.48 million, shortly before repurchasing 207.17 ETH using $536,000 in DAI.

The trades were conducted on THORChain, a decentralized exchange that allows cross-chain swaps. This technique has helped the hacker make fund flows difficult to track, as he has been able to accumulate a position in Ethereum.

All attempts to confiscate the funds or track down the attacker have so far been futile. Strategic behavior is still tracked through on-chain data, which means that the hacker does not have a hurry to leave the market.

Coinbase added that measures were put in place to detect the contractors involved and ensure that such breaches are avoided. Nevertheless, the event demonstrates the persistence of dangers in the crypto market associated with online employees and the transfer of hacked assets within dApps.

The hacker’s Ethereum accumulation strategy following a $400 million exploit has intensified scrutiny from both analysts and law enforcement. As the investigation continues, Coinbase faces pressure to reinforce internal controls and recover the stolen funds.

Also Read: Analyst Says ‘Something Big is Brewing’ as $1.7 Million XRP Shifts From Coinbase

The post Coinbase Hacker Buys Millions in Ethereum After $400M Insider-Linked Exploit appeared first on 36Crypto.