ZachXBT exposed Coinbase Commerce theft and AML failures

ZachXBT recently identified a $15.9 million theft targeting a seller on Coinbase Commerce. Coinbase's AML did not detect the suspicious activity and it is currently unclear how the attack occurred.

Some information on the chain and other clues from the criminal's social media bragging may help identify him, but the investigation is ongoing. So far, the victim has not come forward, complicating the search.

ZachXBT discovers the theft of Coinbase Commerce

ZachXBT, the famous crypto sleuth, revealed the progress of this investigation through social media posts. Zack said the first theft took place on April 21, involving more than 1,700 suspicious USDC transactions.

The criminal quickly bridged the stolen USDC worth over $15.9 million into Polygon and then Ethereum. Later, this was divided into three wallets, and the masses remained asleep.

Although the criminal kept his true identity a secret, he began to traffic in luxury purchases under the username “Excite”. His face was partially identified in some photos, and metadata suggests he may be in Denmark.

ZachXBT said he might be able to identify Excite's real name, but he still had one important question: How did this person breach Coinbase's security?

“While the identity of the victim in this case is unknown, it is clear that there is a strong lead to hold this dangerous actor accountable. Given how the funds were split three ways, I expect there may be others involved. One question I have is why Coinbase's AML monitoring did not detect this suspicious activity within 16 hours.

Interestingly, Coinbase has a poor track record of AML monitoring. Last year, it received a $50 million fine for violating compliance laws. Commenters under Zach's posts have complained that the organization is overzealous in restricting law-abiding accounts, but this major crime has escaped detection.

Last month, ZachXBT investigated another scammer pretending to support Coinbase. In early February, Coinbase Commerce removed Bitcoin payments due to “operational hurdles.” But obviously the platform needs to gather potential problems.

Unfortunately, the victim did not come forward, so we know very little of the situation except for their situation as a Coinbase Commerce provider. Hopefully, further investigation will bring more information to light.