A hacker has stolen $15.9 million from a Coinbase Commerce vendor, exploiting the platform's AML (Anti-Money Laundering) system. The theft, uncovered by well-known crypto investigator ZachXBT, involved over 1,700 suspicious USDC transactions, after which the funds were laundered through Polygon and Ethereum. The criminal, using the alias "Excite," has been flaunting luxury purchases online, with metadata suggesting a possible location in Denmark.
The attack, which began on April 21, saw the stolen funds split across three wallets, most of which remain inactive. ZachXBT noted that the culprit partially revealed his face in photos shared on social media, providing a lead that could help identify him. However, questions remain about how Coinbase's AML system failed to detect these activities within a 16-hour window. This lapse has raised concerns, especially given Coinbase's past issues with compliance and a $50 million fine for violations last year.
Commenters on ZachXBT's posts criticized Coinbase for being overly strict with legitimate users while failing to catch significant criminal activities. This incident follows other challenges for the platform, including recent scams impersonating Coinbase Support and the removal of Bitcoin payments due to operational issues.
ZachXBT hinted that others might be involved in the theft, given how the funds were divided. He also emphasized the importance of determining how the hacker bypassed Coinbase’s security measures. The platform’s failure to flag this activity adds to its growing list of vulnerabilities.
So far, the victim has not come forward, making it harder to gather details about how the breach occurred. The investigation continues, and further updates may provide more clarity on the case and the hacker's identity.