Tag:

hacker

Coinbase hacker spent stolen funds on 100k Solana

by admin October 3, 2025

On-chain analysis shows that the Coinbase hacker spent $22.95 million worth of USD Coin and spent it on Solana. This marks the second major SOL purchase made by the hacker.

Summary

The Coinbase hacker recently swapped $22.95 million DAI into USDC and bridged it to Solana to buy over 100,000 SOL.
Since the attack, the hacker has executed at least five major on-chain transactions involving Bitcoin, Ethereum, DAI, and Solana.

According to on-chain analyst Ember CN, the hacker swapped around 22.95 million DAI into USDC only a few hours before bridging the funds. Not long after, the hacker bridged the 22.95 million USDC to the Solana network to purchase 100,913 SOL at an average price of $227.

As of Oct. 3 on 09:24 UTC, the hacker had emptied out most of their holdings on the wallet address, leaving only $0.47 worth of Solana (SOL).

This marks the largest SOL purchase made by the hacker allegedly responsible for draining up to $400 million from a cyberattack that occurred in May 2025. Just a month prior, the hacker also swapped DAI (DAI) for USDC before using the stolen funds to purchase 38,126 Solana.

The Coinbase hacker had spent stolen funds to purchase 100,913 SOL | Source: EmberCN

At press time, Solana is trading at $231 after rising by 3% in the past 24 hours. In the past month, SOL has been on an upward trend, having risen by 10.8%. However, it is still standing below its all-time high at $293 by 21.2%.

Coinbase hacker moves stolen funds from May cyberattack

So far, the Coinbase hacker has made at least five transactions on-chain since robbing the major crypto exchange of at least $400 million in damages. In May 2025, the hacker swapped about $42.5 million from Bitcoin (BTC) into ETH (ETH) via THORChain. Within the same month, the hacker sold 26,347 Ethereum for 68.18 million DAI. The sale was done at a price of $2,588.

Later in July, the hacker repurchased 5,513 ETH by spending 14.86 million DAI at $2,696. After a period of dormancy, the hacker appeared to use more DAI converted into USDC to buy chunks of large Solana purchases, much like the most recent one.

The May 2025 breach on Coinbase reportedly impacted nearly 70,000 users as the hacker deployed coordinated social-engineering on the attack.

To carry out the cyberattack, hackers had bribed overseas customer-support contractors to extract user records between December 2024 and May 2025. The attack compromised personal data, including full names, dates of birth, addresses, phone numbers, masked bank account numbers, and government-issued ID scans.

Source link

October 3, 2025 0 comments

NFT Gaming

Hacker moves stolen funds, sells $6.8m ETH

by admin September 24, 2025

The attacker responsible for the UXLINK hack is still shuffling their loot, recently dumping millions in assets in a bid to convert the proceeds of the hack.

Summary

The UXLINK hack continues to unfold as attacker offloads about $6.8 million worth of ETH.
In a twist, the attacker recently lost a hefty portion of the stolen tokens to a phishing attack while moving assets.
UXLINK has finalized a new smart contract audit and is preparing for a token migration

The UXLINK hack has entered a new chapter as the attacker continues to shuffle funds stolen from the protocol. Per data from on-chain trackers, the malicious actor converted roughly 1,620 ETH into DAI stablecoins in the early hours of today, valued at approximately $6.8 million at the time of the transaction.

Occurring nearly 48 hours after the exploit, this transaction marks the first major effort by the attacker to cash out the stolen assets. The hacker had already engaged in extensive fund shuffling, moving assets across multiple wallets and using both centralized and decentralized exchanges to complicate the trail and attempt laundering.

In an interesting twist, the attacker has already lost a significant portion of the stolen funds to a phishing attack. Security researchers found that they had unknowingly granted approval to a malicious contract controlled by the Inferno Drainer group, allowing 542 million UXLINK tokens, worth roughly $43 million at the time, to be drained from their wallet.

The recently converted ETH represents only a portion of the stolen funds, with the attacker still estimated to be holding millions in assorted assets.

How the UXLINK hack Happened

The UXLINK hack began on September 22 and continued for several hours into the following day. The core of the attack involved an exploit of the project’s multi-signature wallet through a delegate call vulnerability. This security flaw gave the attacker administrator-level access, enabling unauthorized transfers and the ability to mint large amounts of fake tokens.

Within hours, the attacker minted nearly 10 trillion CRUXLINK tokens on the Arbitrum blockchain and swiftly liquidated part of these tokens for ETH, USDC, and other assets, draining liquidity and causing the token to crash by more than 70%.

The protocol responded immediately, alerting exchanges to freeze suspicious transactions and working with security firms to trace and mitigate further losses. However, these efforts did little to offset the damage already done.

UXLINK has since deployed emergency measures, including a token migration to a newly audited smart contract with a capped supply to prevent similar exploits. The audit focused on reinforcing security and tightening controls around multisig wallets and contract interactions.

The latest rounds of asset shuffling and conversions by the hacker complicate any hopes for full recovery of the stolen funds, and it remains to be seen whether additional movements will occur in the near term.

Source link

September 24, 2025 0 comments

Crypto Trends

UXLINK plans token swap as hacker continues minting tokens

by admin September 23, 2025

UXLINK will launch a token swap after a hacker exploited its multi-sig wallet and began minting tokens while also draining millions in assets.

Summary

UXLINK suffered a $11.3M hack via multi-sig breach.
Token price dropped over 70% after exploit.
UXLINK plans token swap to restore supply integrity as hacker continues unauthorized minting.

UXLINK is preparing a token swap to protect its ecosystem after a hacker exploited its multi-signature wallet and continued unauthorized minting of tokens.

On Sept. 23, UXLINK posted a security update on X confirming that a malicious actor is still minting UXLINK tokens without authorization. The team said it is working with major centralized exchanges to suspend trading and will soon initiate a token swap plan to restore the project’s token economy.

UXLINK breach and unauthorized minting

The attack was first disclosed on Sept. 22 after blockchain security firm Cyvers flagged suspicious activity on UXLINK’s smart contracts. The project’s multi-sig wallet was compromised by hackers who exploited a “delegateCall” vulnerability to gain administrator privileges.

This made it possible for assets worth approximately $11.3 million to be stolen, including $4.5 million in stablecoins and major tokens such as ETH and WBTC.

The attacker also minted between 1–2 billion UXLINK tokens on Arbitrum (ARB), of which 490 million were initially received and later sold across decentralized exchanges. Proceeds were bridged to Ethereum (ETH) and swapped into ETH, netting around 6,732 ETH ($28.1 million at current prices).

Despite quick intervention from exchanges, including Upbit, which froze deposits, the minting exploit has left the token supply compromised. UXLINK’s price dropped over 70% in the aftermath, falling from $0.30 to near $0.09, erasing around $70 million in market cap.

UXLINK’s response and mitigation efforts

The project emphasized that user wallets were not directly affected. Most of the hacker’s funds have been frozen on exchanges, and law enforcement agencies are involved in recovery efforts. PeckShield has been engaged to assist with the investigation and auditing.

With the ongoing unauthorized minting, UXLINK said a token swap will be rolled out “promptly” to protect holders and realign the supply with its whitepaper rules. Further instructions will be issued through official channels.

The team reiterated its focus on protecting its 55 million users and ensuring transparency during the recovery process.

Source link

September 23, 2025 0 comments

Solana price path to $200 stalls as transactions and addresses jump

GameFi Guides

Coinbase hacker uses stolen crypto to buy 38,126 Solana

by admin August 24, 2025

The hacker behind a recent Coinbase breach has surfaced with a 38,126 Solana purchase worth approximately $7.9 million, made with funds stolen from the exchange’s customers.

According to blockchain analyst Ember CN, the hacker converted 7.957 million DAI to USDC, then bridged these funds to the Solana network to purchase Solana (SOL) at an average price of $208.7.

The purchase comes as Solana trades up over 17% in the last 30 days, though the token remains down 29% from its all-time high of $293 reached in January.

This marks the third significant asset allocation move by the hacker behind the Coinbase breach in May.

Hacker’s strategic trading pattern spans over months

The Coinbase hacker has shown methodical trading behavior since gaining access to customer funds on at least two occasions:

In May, the hacker sold 26,347 Ethereum (ETH) for 68.18 million DAI. The sale was done at a price of $2,588.
Two months later in July, the hacker repurchased 5,513 ETH with 14.865 million DAI at $2,696.

X post by analyst EmberCN

The $208.7 purchase price aligns with analyst predictions that SOL could rally toward $360.

Technical analysis from trader Ucan indicates that Solana is currently moving within a rising channel, following the formation of a rounded bottom pattern.

Key resistance levels include $215 for initial resistance, $227 for breakout confirmation, and $242 as a strong upside target. The channel top sits at $251.

The hacker’s timing coincides with bullish sentiment around Solana, with prominent trader Ali recently asking to hold SOL until $360.

$SOL | Technical Analyses

Solana is moving within a rising channel after forming a rounded bottom. 👀

Key levels to watch 👇

• $215 – first resistance
• $227 – breakout confirmation
• $242 – strong upside target
• $251 – channel top

As long as $190 support holds, the… pic.twitter.com/mmdVSeH2Yl

— 𝖀𝖈𝖆𝖓 (@Ucan_Coin) August 23, 2025

Coinbase hack impact continues to unfold

The May Coinbase breach affected nearly 70,000 users through a coordinated social-engineering attack. Cybercriminals bribed overseas customer-support contractors to extract user records between December 2024 and May 2025.

The attack compromised personal data, including full names, dates of birth, addresses, phone numbers, masked bank account numbers, and government-issued ID scans.

Coinbase disclosed the incident publicly after receiving a $20 million ransom demand, which the company refused to pay.

CEO Brian Armstrong pledged to reimburse affected customers. Additionally, he offered a $20 million reward for information leading to an arrest. The breach triggered an estimated remediation cost of up to $400 million for the exchange.

Source link

August 24, 2025 0 comments

Crypto Trends

Radiant Capital hacker doubles $53M stash via ETH trading

by admin August 20, 2025

The hacker behind last year’s $53 million Radiant Capital exploit has nearly doubled the value of the stolen funds through a well-timed Ethereum trading strategy.

Summary

The Radiant Capital hacker increased stolen funds from $53M to $94M through ETH and DAI trading.
The October 2024 attack exploited Radiant’s multisig wallet using macOS malware.
Attribution points to North Korea-linked AppleJeus, with little chance of recovery.

According to on-chain analyst EmberCN’s Aug. 19 X post, the hacker had earlier sold 9,631 Ethereum (ETH) at an average of $4,562 for 43.9 million Dai (DAI), only to buy back 2,109.5 ETH for $8.64 million DAI once prices pulled back to $4,096.

The wallet now holds 14,436 ETH and 35.29 million DAI, a portfolio worth $94.63 million. This represents a gain of more than $41 million over the initial value of the stolen funds. Blockchain analytics firm Lookonchain noted that the decision to keep most of the assets in ETH during its rally played a major role in the increased balance.

啊，好家伙，这 Radiant Capital 黑客竟然玩起波段来了😂：
他不是在一周前以 $4,562 的均价卖出了 9,631 枚 ETH 换成 4393.7 万 DAI 嘛。
这几天 ETH 回调了，他在过去 1 小时里又用 $864 万 DAI 以 $4,096 的价格重新买回了 2109.5 枚 ETH…

现在 Radiant Capital 黑客持有 14,436 枚 ETH+3529 万… https://t.co/hO4MbNPrjd pic.twitter.com/ihLYhpmNAV

— 余烬 (@EmberCN) August 20, 2025

From $53 million heist to $94 million stash

The October 2024 breach of Radiant Capital, a multi-chain decentralized finance protocol, was one of the most damaging attacks of the year. By compromising the multisignature wallet of its core team through a macOS-specific malware called INLETDRIFT, the attacker siphoned tokens from lending pools on Arbitrum (ARB) and BNB (BNB) Chain.

At the time, the stolen assets were quickly converted into 21,957 ETH, then valued at about $53 million when Ethereum was trading near $2,500. Rather than liquidating the holdings, the hacker held ETH as its price climbed. In recent weeks, the attacker executed several trades to increase exposure.

Radiant Capital hack attribution and ongoing risks

The attack has been linked by some blockchain security experts to North Korea’s AppleJeus group, known for targeting exchanges and DeFi protocols. Radiant Capital worked with the FBI, Chainalysis, and Web3 security firms like SEAL911 and ZeroShadow after the hack, but recovery prospects remain slim as the funds continue to move through Ethereum-based trading activity.

The October incident marked the second breach of Radiant in 2024, following a smaller $4.5 million flash loan exploit earlier that year. It underscored persistent security risks in DeFi, which has already seen significant losses in 2025.

With over $94 million now under control, the attacker’s next move will be closely watched by analysts and security teams.

Source link

August 20, 2025 0 comments