The developing story of a recent crypto breach that targeted Coinbase users has taken a twist: the attacker re-emerged in the public eye after making a large purchase of Solana. The hacker's purchase made clear his planned, strategic path to profit from the stolen crypto assets. This is the third documented movement from the hacker, who has publicly shown an intentional plan to profit from his hacked funds since the incident in May.
The $7.9 Million Solana Acquisition
The latest development in this unfolding saga involves the acquisition of 38,126 Solana tokens, valued at approximately $7.9 million. Blockchain analysis revealed that the hacker took great effort to convert 7.957 million DAI into USDC before transferring the funds to the Solana blockchain. The coins were reportedly transferred at an average price of around $208.7 per token one day prior, a price that corresponds well to the current bullish sentiment and technical analysis for Solana's price action. The timing of the acquisition suggests that the hacker recognized the upward price momentum of the Solana token, which shows shrewd market intelligence.
The Insider Attack That Rocked Coinbase
Unlike traditional cyber-attacks, which take advantage of technical vulnerabilities to access resources and exploit users, the Coinbase breach was a more sophisticated form of social engineering. The breach went undetected for several months, as it was enabled by bribing a small group of overseas customer-support agents. These insiders were manipulated into leaking sensitive personal data of nearly 70,000 users. Although no private keys or credentials were compromised, the information breached (full names, dates of birth, addresses, and government ID scans) could be used to perpetrate any number of highly targeted and convincing scams against victims.
A Calculated Pattern of Trading
This recent Solana purchase is not an isolated event but part of a larger pattern. The hacker first came into the spotlight in May when they sold 26,347 Ethereum for 68.18 million DAI. Only two months after their original theft, in July, they repurchased some of the Ethereum, demonstrating a pattern of strategic asset reallocation. The use of different crypto assets, along with cross-chain transfers, shows an effort to hide the trail of stolen assets. This deliberate organization suggests sophistication beyond simple theft: the actor can be viewed as a digital financial operator who seeks both the illegal proceeds of the theft and strategic returns from trading the stolen assets in the market.
The Unfolding Financial Fallout
The hack has severely impacted Coinbase's finances. The company learned about the breach when it received a $20 million ransom demand. It declined to pay the ransom, but offered a $20 million bounty for information leading to an arrest. Coinbase has pledged to reimburse affected customers who were scammed as a result of the incident. The costs of remediation and restitution, however, are put at a "guesstimate" of between $180 million and $400 million, a considerable range that gives insight into the severity of the financial and reputational damage from the security breach.
A New Era of Cybercrime and Vigilance
The Coinbase attack is a testament to the changing state of cybercrime. Attackers are beginning to shift their focus from technical weaknesses towards human identities, making it important to re-evaluate internal security controls and to stay aware and vigilant. Coinbase has taken measures to enhance its security controls, but this incident will spark litigation and regulatory actions. As far as crypto users are concerned, the important lesson is that no platform can protect you from social engineering attacks; if your account is targeted, it is up to you to be aware and protect yourself against them. The key takeaway is that in the digital world, the weakest link will not be a piece of code but the user.




