Coinbase Exploit Hacker Swaps $5M DAI to USDC, Bridges Funds After 35-Minute Idle Window

ccn.com, published 2025-10-02, updated 2025-10-02

Key Takeaways
  • Coinbase threat actors behind the May breach have become active again, transferring $5 million DAI.
  • The hackers then swapped DAI to USDC using Circle’s CCTP bridge.
  • The stolen funds sat in a USDC address for over 35 minutes, but Circle’s compliance norms failed to freeze it.

After five months, the May Coinbase exploit hacker has swapped $5 million of DAI stablecoins for USDC using Circle’s CCTP bridge.

The incident is linked to a breach in which Coinbase users had been tricked into sending funds to attackers after they gained access to personal information.

At the time, Coinbase had estimated that the losses could mount to $400 million.

ZachXBT Alerts Community

On-chain sleuth ZachXBT, who tracked the movement of the funds on the blockchain after months of idleness, shared the incident in his Telegram group.

The on-chain investigator said that the threat actor from the “Coinbase breach swapped ~5M DAI for ~5M USDC, which had been sitting as USDC for 35 minutes.”

Due to Circle’s compliance policies and slow response times in freezing suspicious addresses, the funds were successfully extracted via bridges, including Circle’s official Cross-Chain Transfer Protocol (CCTP).

ZachXBT called out Circle for being inactive and non-compliant:

“Due to Circle not being compliant, the funds were just bridged away. A portion was bridged using the official Circle CCTP bridge.”

Circle’s policy allows blacklisting USDC addresses but requires manual review. The 35-minute idle was flagged in this case, but processing delays prevented a freeze. CCTP transfers are “validated” post-burn, so recovery is harder once they are minted at the destination.

Threat Actors and Social Engineering Technique

The May Coinbase breach was one of the largest in crypto exchange history. It exposed sensitive customer data for around 69,461 users and enabled social engineering attacks that led to direct thefts totaling $200–400 million.

Hackers bribed overseas customer support agents from Indian call centers like TaskUs to access internal Coinbase systems. These insiders stole data for <1% of monthly active users but targeted high-value accounts with 7–8 figure balances.

The threat actors managed to gain access to emails, phone numbers, the last four digits of SSNs, photo IDs, and physical addresses. This fueled phishing campaigns in which actors posed as Coinbase reps, tricking users into sending crypto.

The hackers behind the whole operation contacted Coinbase, demanding a $20 million bounty. However, the crypto exchange denied the ransom and converted it into a reward for anyone who could help them identify and recover funds.
