"He’s Back": $300M Coinbase Hacker Buys $2.3M ETH via Same Wallet

The $300M Hacker Strikes Again

Nine hours ago, as Ethereum prices neared $3,600, the hacker who breached Coinbase’s security bought 649.62 ETH ($2.31 million) their second major acquisition this month. On July 7, they bought 4,863 ETH at $2,569 (totaling $12.5 million), capitalizing on lower prices before ETH’s explosive 24% weekly surge. With $45.36 million in Dai stablecoins still parked across two wallets, analysts warn more buys are imminent.

“This isn’t gambling, it’s surgical market manipulation. They trade like a hedge fund pro,” said Lookonchain’s lead investigator.

Inside the Heist: Bribes, Not Code Breaks

The attacker didn’t crack blockchain encryption. Instead, they bribed Coinbase support agents overseas for customer data like emails, ID scans, and wallet details then impersonated the exchange to trick users into “emergency transfers”.

The fallout:

• 97,000 victims drained of $300M+
• Coinbase’s $400M reimbursement hit
• Fired employees linked to the breach.

Why Ethereum? The Perfect Laundering Storm

The hacker’s timing exploits three market shifts:

1. Institutional chaos: BlackRock’s ETH ETF lobbying fueled $726M daily inflows, masking large transactions 4.
2. Technical signals: ETH’s “Strong Buy” rating drowned out red flags.
3. Regulatory gaps: Mixer services (like Tornado Cash) swiftly obscure fund trails critical when Lazarus Group ties loom.

Global Security Wake-Up Call

February’s $1.5B Bybit hack tied to North Korea’s Lazarus Group exposed identical vulnerabilities: compromised third-party tools during “cold-to-warm” wallet transfers 68. Yet crypto’s crime scale is often exaggerated:

Regulatory Crossroads:

El Salvador’s National Commission of Digital Assets (CNAD) now leads global crypto oversight with MIT/Harvard-trained regulators enforcing:

• Mandatory multi-sig wallets
• Zero-tolerance for mixers
• 84% project rejection rates.

Meanwhile, the SEC’s “enforcement pullback” under Trump’s pro-crypto stance leaves U.S. exchanges vulnerable.

Urgent Protections for Investors

If you’ve used Coinbase, Kraken, or Bybit:

1. Enable withdrawal allow-listing (blocks unauthorized transfers).
2. Use hardware 2FA (Authy/Google Authenticator—never SMS).
3. Ignore “urgent” support calls—real exchanges never demand transfers 513.