A crypto wallet tagged as the “Coinbase hacker” has been linked to a new $8 million purchase of Solana, according to onchain data from blockchain analytics firms Arkham and Lookonchain. Lookonchain shared two screenshots of the hacker’s transactions on X Sunday, which showed that they used DAI to purchase USDC, bridged funds to the Solana network, and bought 38,126 SOL tokens at an average price near $209. The purchase was valued at roughly $7.95 million, but has already declined by over $200k in value, as Solana trades around $200 at the time of this publication. Coinbase attackers buy Solana months after adding Ether holdings Just two months ago, the hackers offloaded 26,762 Ether for about $69.25 million, a trade that Lookonchain had spotted and linked to the alleged Coinbase exploit. The hacker who stole $300M+ from #Coinbase users bought 38,126 $SOL ($7.95M) at $209 in the past 2 hours. https://t.co/AUBIKUuNND https://t.co/s9rRYnK7M8 https://t.co/GlDgWxZ5T2 pic.twitter.com/AIc0hLEpxQ — Lookonchain (@lookonchain) August 24, 2025 The blockchain transaction monitoring platform tracked at least two purchases of Ethereum from the same address. On July 7, the wallet acquired 4,863 ETH for approximately $12.55 million at an average price of $2,581. Less than two weeks later, on July 19, it added another 649 ETH for $2.3 million, paying an average of $3,562 per token. Data shared by Arkham on Sunday shows transactions of more than $3.3 million in USDC routed through deBridge Finance and swaps executed via CoW Protocol. In total, transfers over the past 48 hours include single trades ranging from $500,000 to over $3 million, often split between DAI and USDC. As reported by Cryptopolitan, blockchain investigator ZachXBT estimated in May that the total losses tied to the event reached $330 million. Around 97,000 Coinbase accounts were affected after hackers bribed external contractors and offshore support staff to access sensitive personal information. According to ZachXBT, the attack wasn’t a conventional cyber intrusion that exploits back-end vulnerabilities, but the perpetrators were in direct communication with Coinbase employees and rogue insiders. After the community went into panic mode when Coinbase announced there was a breach on May 15, the exchange insisted that login credentials were not compromised, but names, email addresses, and other personal details were exposed. Moreover, CEO Brian Armstrong shared a letter from the attackers demanding a $20 million ransom, which the company reportedly refused. Crypto firms fight off social engineering attacks Coinbase is among several crypto businesses that have suffered losses from data breaches in the last 3 years. In 2022, digital bank Revolut confirmed the theft of 50,000 sets of customer data. One year later, Robinhood reported a breach exposing up to 5 million email addresses. The US Securities and Exchange Commission (SEC) fined Robinhood $45 million for securities violations, including $2 million related to the data leak. Per the BBC, a Revolut customer lost £165,000 (about $220,000) in 2023 following the breach, while the bank’s internal systems prevented £475 million in fraudulent activity. Radiant Capital, a cross-chain lending protocol, was breached in mid-October 2024, when attackers drained $58 million from its deployments on BNB Chain and Arbitrum. Last Wednesday, a crypto wallet linked to the exploit purchased 4,913 Ether before selling 4,131 Ether on Saturday, securing a profit of $2.7 million. Lookonchain noted on X that the hacker’s original $49.5 million haul has now grown to more than $105 million, an increase of roughly 114%. Proceeds from the attack were initially swapped into Ether, with the breacher holding around 21,957 ETH valued at approximately $103 million as of August 14. Binance and Kraken have confirmed several attempts by hackers in 2025 using similar social engineering tactics, but they supposedly repelled the efforts without losses. Join Bybit now and claim a $50 bonus in minutes
