A crypto wallet tagged as the “Coinbase hacker” has been linked to a new $8 million purchase of Solana, according to onchain data from blockchain analytics firms Arkham and Lookonchain.
Lookonchain shared two screenshots of the hacker’s transactions on X Sunday, which showed that they used DAI to purchase USDC, bridged funds to the Solana network, and bought 38,126 SOL tokens at an average price near $209.
The purchase was valued at roughly $7.95 million, but has already declined by over $200k in value, as Solana trades around $200 at the time of this publication.
Coinbase attackers buy Solana months after adding Ether holdings
Just two months ago, the hackers offloaded 26,762 Ether for about $69.25 million, a trade that Lookonchain had spotted and linked to the alleged Coinbase exploit.
The hacker who stole $300M+ from #Coinbase users bought 38,126 $SOL($7.95M) at $209 in the past 2 hours.https://t.co/AUBIKUuNNDhttps://t.co/s9rRYnK7M8https://t.co/GlDgWxZ5T2 pic.twitter.com/AIc0hLEpxQ
— Lookonchain (@lookonchain) August 24, 2025
The blockchain transaction monitoring platform tracked at least two purchases of Ethereum from the same address. On July 7, the wallet acquired 4,863 ETH for approximately $12.55 million at an average price of $2,581. Less than two weeks later, on July 19, it added another 649 ETH for $2.3 million, paying an average of $3,562 per token.
Data shared by Arkham on Sunday shows transactions of more than $3.3 million in USDC routed through deBridge Finance and swaps executed via CoW Protocol. In total, transfers over the past 48 hours include single trades ranging from $500,000 to over $3 million, often split between DAI and USDC.
As reported by Cryptopolitan, blockchain investigator ZachXBT estimated in May that the total losses tied to the event reached $330 million. Around 97,000 Coinbase accounts were affected after hackers bribed external contractors and offshore support staff to access sensitive personal information.
According to ZachXBT, the attack wasn’t a conventional cyber intrusion that exploits back-end vulnerabilities, but the perpetrators were in direct communication with Coinbase employees and rogue insiders.
After the community went into panic mode when Coinbase announced there was a breach on May 15, the exchange insisted that login credentials were not compromised, but names, email addresses, and other personal details were exposed.
Moreover, CEO Brian Armstrong shared a letter from the attackers demanding a $20 million ransom, which the company reportedly refused.
Coinbase is among several crypto businesses that have suffered losses from data breaches in the last 3 years. In 2022, digital bank Revolut confirmed the theft of 50,000 sets of customer data. One year later, Robinhood reported a breach exposing up to 5 million email addresses.
The US Securities and Exchange Commission (SEC) fined Robinhood $45 million for securities violations, including $2 million related to the data leak. Per the BBC, a Revolut customer lost £165,000 (about $220,000) in 2023 following the breach, while the bank’s internal systems prevented £475 million in fraudulent activity.
Radiant Capital, a cross-chain lending protocol, was breached in mid-October 2024, when attackers drained $58 million from its deployments on BNB Chain and Arbitrum.
Last Wednesday, a crypto wallet linked to the exploit purchased 4,913 Ether before selling 4,131 Ether on Saturday, securing a profit of $2.7 million. Lookonchain noted on X that the hacker’s original $49.5 million haul has now grown to more than $105 million, an increase of roughly 114%.
Proceeds from the attack were initially swapped into Ether, with the breacher holding around 21,957 ETH valued at approximately $103 million as of August 14.
Binance and Kraken have confirmed several attempts by hackers in 2025 using similar social engineering tactics, but they supposedly repelled the efforts without losses.
