ZachXBT recently discovered a theft worth $15.9 million targeting a provider on Coinbase Commerce. Coinbase's AML system did not detect this suspicious activity, and it is still unclear how the attack occurred.
Some on-chain data and other clues from the perpetrator's social media boasting may help reveal his identity, but the investigation is still ongoing. So far, the victim has not spoken up, further complicating the search.
ZachXBT discovers Coinbase Commerce theft
ZachXBT, a renowned cryptocurrency investigator, has revealed the progress of this investigation through social media posts. Zach said the theft initially occurred on 04/21, with over 1,700 suspicious USDC transactions. The perpetrator quickly converted the stolen USDC worth over $15.9 million to Polygon and then Ethereum. The funds were then split into three wallets, and most remain inactive.
Money laundering of the Coinbase Commerce thief. Source: ZachXBTThe criminal has kept his true identity secret but has started to boast about luxury items under the username "Excite." His face is partially identifiable in some photos, and data suggests he may be in Denmark. ZachXBT said he could identify Excite's real name, but he still has an important question: how did this person breach Coinbase's security system?
"Although the identity of the victim in this case is still unknown, there is clearly a strong lead that could hold this threat accountable. Due to the way the funds were split into three parts, I suspect there may be other participants. One question I have is why Coinbase's AML monitoring system did not detect this suspicious activity within 16 hours,"
he stated.
Interestingly, Coinbase has a history of poor AML monitoring. Last year, they were fined $50 million for compliance violations. Commenters under Zach's posts complained that the company has been overly focused on restricting compliant accounts, but these major criminals have gone undetected.
Last month, ZachXBT investigated another scammer impersonating Coinbase Support. In February, Coinbase Commerce had removed Bitcoin payments due to "operational challenges." But clearly, the platform needs to address underlying issues.
Unfortunately, the victim has not yet spoken up, so we know very little about the circumstances beyond them being a provider on Coinbase Commerce. The investigation continues, hoping to provide more information.
Join the BeInCrypto Community on Telegram to stay updated on the latest analysis and news about the financial markets in general and cryptocurrencies in particular.
