Phishing Wallet Used in Coinbase Scam Washes $42.5M Through Thorchain, Taunts ZachXBT

A wallet address identified as "Fake_Phishing1158790" on Etherscan has been in the center of major attention after exchanging $42.5 million worth of Bitcoin for Ether through Thorchain, a decentralized cross-chain liquidity protocol. The exchange is believed to be part of a larger scheme to wash stolen money gotten through phishing.

Insult to injury, the wallet also sent a taunting onchain tweet to well-known blockchain researcher ZachXBT, merely writing "L bozo" and adding a YouTube link to an archived video of NBA Hall of Famer James Worthy, apparently to mock ZachXBT's research.

ZachXBT Links Wallet to Coinbase Phishing Attacks

The wallet, as reported by ZachXBT, is associated with a significant phishing campaign specifically aimed at Coinbase users. In a Telegram post on March 2025, the investigator disclosed that the group had hacked more than $65 million during the period December 2024 to January 2025 by impersonating Coinbase customer support staff. These hacks are reportedly part of an even larger $300 million yearly scam aimed at Coinbase clients.

Coinbase Breach Affected Nearly 70,000 Users

This week, Coinbase revealed that almost 70,000 customers were impacted in a data breach that happened in December 2024. In a U.S. Securities and Exchange Commission (SEC) filing, some past staff members misused inside privileges by taking bribes to expose delicate customer information.

Despite passwords and wallet keys not being stolen, Coinbase has established that KYC information was exploited by attackers. Upon the breach, the people who controlled the stolen data demanded a ransom of $20 million, threatening to release the information on the internet. Coinbase did not oblige the demand but instead posted a $20 million bounty to assist in tracing the culprits.

Unconfirmed Connection Between Data Breach and Phishing Scam

Coinbase has not yet confirmed whether the phishing campaign revealed by ZachXBT is linked directly to the December breach. The company estimates, however, that it might spend as much as $180 million to $400 million on remediation and customer reimbursement related to the breach.

The investigation is ongoing as law enforcement and blockchain analysts continue to follow leads associated with the phishing operation and fund movement.

By including relevant keywords and linking to related articles, the rewritten content aims to provide comprehensive information while enhancing search engine optimization for CryptoTelegraphs.

Join Telegram Channel For Daily New update: https://t.me/cryptotelegraphs_updates