The Coinbase hacker reportedly converted DAI to USDC, bridged funds to Solana and bought 38,126 SOL near $209, using stolen proceeds — a trade now at a paper loss as SOL trades around $202. Blockchain analytics firms Lookonchain and Arkham link the wallet to hundreds of millions in thefts.
-
Coinbase-linked wallet bought 38,126 SOL near $209
-
Radiant Capital attacker swapped stolen proceeds into Ether and increased its stash to over $100M
-
On-chain monitors (Lookonchain, Arkham, ZachXBT) flag multiple hacker wallets and quantify losses near $300M
Coinbase hacker Solana buy: Coinbase-linked wallet bought 38,126 SOL near $209 using bridged funds — track on-chain activity now with COINOTAG alerts.
What did the Coinbase hacker buy on Solana?
The Coinbase hacker bought 38,126 SOL using converted DAI bridged to Solana, purchasing across multiple transactions near $209 per SOL. Blockchain analytics firms Arkham and Lookonchain have flagged the wallet and connected it to large-scale thefts affecting Coinbase users.
The Radiant Capital hacker and another alleged unknown cybercriminal have also been seemingly making trades in the market, according to Lookonchain.
A wallet address labeled by blockchain security analysts as the “Coinbase hacker” bought $8 million in Solana on Sunday using their reportedly ill-gotten gains.
According to Lookonchain, the hacker converted DAI (DAI) to USDC (USDC), then bridged to the Solana network and bought 38,126 Solana (SOL) near the $209 mark across multiple purchases.
Solana is currently trading at $202.15, meaning the hacker has made a paper loss since the trade.
Blockchain analytics platform Arkham has flagged the wallet address as “Coinbase hacker,” while Lookonchain claims the wallet is linked to the theft of over $300 million from Coinbase users.
How did the wallet move funds to Solana?
The wallet reportedly swapped DAI into USDC, used a cross-chain bridge to move funds onto the Solana network, and executed multiple buys to accumulate 38,126 SOL. Arkham and Lookonchain trace the on-chain flows; these analytics indicate coordinated swaps and bridging to obscure origin.
What earlier trades tied this wallet to major thefts?
The alleged hacker first drew attention after selling 26,762 ETH two months prior, a sale valued at roughly $69.25 million at the time. Lookonchain later reported two substantial buys in July: 4,863 ETH on July 7 (~$12.55M) and 649 ETH on July 19 (~$2.3M).
Security analyst ZachXBT estimated in May that social engineering scams had cost Coinbase users approximately $330 million, highlighting a trend of sophisticated fraud strategies that drain user accounts.
How has the Radiant Capital attacker been trading stolen funds?
The Radiant Capital exploit shows a different pattern: the attacker swapped proceeds into Ether and has been actively trading, increasing a stolen $49.5M stash to over $105M, per Lookonchain. Notable moves included a purchase of 4,913 ETH around Aug. 20 and a subsequent sale of 4,131 ETH, netting roughly $2.7M.
Radiant Capital suffered a cross-chain lending breach mid-October 2024, when the protocol lost about $58 million on BNB Chain and Arbitrum. Lookonchain data indicates the attacker holds roughly 21,957 ETH (~$103M as of Aug. 14).
Why do some hacker wallets lose value?
Not all illicit traders time markets well. One wallet flagged as “likely belonging to hackers” sold 12,282 ETH in July and re-bought at higher prices, realizing a $6.9M loss. The same wallet later sold 4,958 ETH on Aug. 15 and locked in a $9.75M profit, showing inconsistent trading performance.
Frequently Asked Questions
How much SOL did the Coinbase-linked wallet buy?
The wallet purchased 38,126 SOL across multiple transactions near $209 per token, according to Lookonchain and Arkham data. At current prices near $202, the position shows a paper loss.
Are these wallet flags confirmed as criminal?
On-chain labeling by analytics firms (Lookonchain, Arkham) indicates suspected links to theft, but legal confirmation requires investigative outcomes by authorities such as the DOJ and formal forensic reports.
Key Takeaways
- On-chain purchases: The Coinbase-linked wallet bought 38,126 SOL after converting stablecoins and bridging to Solana.
- Radiant Capital activity: The Radiant attacker swapped proceeds into ETH and reportedly grew stolen funds to over $100M.
- Analyst consensus: Lookonchain, Arkham and independent analysts (ZachXBT) provide tracking and estimates of losses near $300M.
Conclusion
On-chain monitoring shows multiple hacker wallets actively trading stolen proceeds, including a Coinbase-linked wallet that acquired 38,126 SOL and a Radiant Capital attacker that increased Ether holdings. COINOTAG continues to track these addresses and will report updates as forensic data and official investigations (e.g., DOJ inquiries) progress. Stay informed with COINOTAG alerts for real-time on-chain changes.
