- Trending
- Comments
- Latest
On-chain data shows that the Coinbase hacker wallet carried out a significant transaction on October 3, 2025, marking one of its largest Solana purchases to date. Blockchain analyst EmberCN reported that the hacker swapped 22.95 million DAI into USDC, before bridging the funds to the Solana network. The attacker then bought 100,913 SOL at an average price of $227.
The hacker then moved the purchased SOL to other addresses, leaving only $0.47 in the tracked wallet by 09:24 UTC. This activity underscores a growing pattern: the hacker has repeatedly funneled stolen funds into Solana following the $400 million Coinbase breach in May 2025.
Just a month earlier, the same wallet executed a similar move, swapping DAI for USDC to acquire 38,126 SOL. At press time, Solana trades at $231, up 3% in the past 24 hours, though still 21% below its all-time high of $293.
Large-scale moves like this not only impact market sentiment but also highlight the ease with which bad actors can shift funds across blockchains, — Adam Cochran, Partner, Cinneamhain Ventures, in a comment.
The Coinbase hacker wallet has conducted at least five major on-chain transactions since the May attack. Initial activity included converting $42.5 million in Bitcoin (BTC) into Ethereum (ETH) via THORChain. Within weeks, the hacker sold 26,347 ETH for 68.18 million DAI at an average of $2,588 per coin.
By July, the attacker repurchased 5,513 ETH for 14.86 million DAI at $2,696, suggesting an effort to re-enter Ethereum positions. However, subsequent transactions shifted heavily toward Solana, raising speculation about the motives behind the trades.
Whether this is laundering, arbitrage, or a long-term bet on Solana’s growth, the visibility of the Coinbase hacker wallet shows both the transparency and the limits of blockchain enforcement, — Tom Robinson, Chief Scientist, Elliptic.
The deliberate swaps from DAI to USDC before entering Solana indicate calculated steps to maximize liquidity and minimize slippage in high-volume trades. Analysts argue the strategy suggests professional-level execution rather than opportunistic behavior.
The Coinbase hacker wallet is directly tied to the May 2025 security breach, one of the largest attacks on a U.S.-based crypto exchange. The incident, which cost Coinbase over $400 million, impacted nearly 70,000 users.
Hackers reportedly bribed overseas contractors working in customer support, extracting sensitive user data between December 2024 and May 2025. Compromised information included full names, addresses, dates of birth, phone numbers, masked bank details, and government-issued ID scans, according to CoinDesk.
In response, Coinbase pledged to strengthen oversight and third-party risk management. “We are implementing stricter monitoring, enhanced employee vetting, and tighter security protocols with our contractors,” the Coinbase security team said in a company blog post.
Regulators have also taken note. U.S. lawmakers and the Securities and Exchange Commission (SEC) have highlighted the Coinbase breach as evidence of systemic risks within centralized exchanges, while European authorities have warned that large-scale data leaks could undermine consumer trust in regulated crypto platforms.
While the Coinbase hacker wallet movements have drawn attention from analysts, they also highlight broader challenges in regulating crypto flows. Blockchain surveillance firms such as Chainalysis can track stolen assets, but enforcement typically requires assets to touch regulated exchanges.
Cases like this underline the need for real-time tracking and stronger exchange compliance. Until then, attackers can keep recycling funds through public chains with little consequence, — Kim Grauer, Head of Research, Chainalysis, in comments to Bloomberg.
For investors, the hacker’s trades intersect with Solana’s ongoing rally. The token has risen 10.8% in the past month, suggesting bullish momentum. However, the Coinbase hacker wallet activity also injects uncertainty, with critics arguing that the scale of stolen funds could distort markets if liquidated aggressively.
The movement of funds through the Coinbase hacker wallet underscores both the strengths and weaknesses of blockchain transparency. While analysts can trace every transaction, recovering assets remains elusive.
For Coinbase, the breach continues to damage credibility at a time of heightened regulatory scrutiny. For policymakers, the episode demonstrates why enforcement tools must evolve alongside decentralized finance.
As the Coinbase hacker wallet continues shifting assets across networks, industry observers expect regulators to push harder for tighter Know-Your-Customer (KYC) rules and more proactive monitoring. Whether these measures succeed could determine how resilient centralized exchanges are in the face of future cyberattacks.
