Over $15M Stolen in Coinbase Commerce Heist, AML Systems Fail to Detect Attack

A recent theft involving Coinbase Commerce has been uncovered by crypto investigator ZachXBT, revealing that over $15.9 million worth of USDC was stolen from a vendor.

Despite this large sum, Coinbase’s anti-money laundering (AML) system failed to detect the suspicious activity, leaving the method of the breach unclear.

ZachXBT shared the details of the theft, which occurred on April 21, and involved over 1,700 suspicious transactions. The stolen funds were quickly moved through Polygon and Ethereum networks before being split into three separate wallets, with most of the funds lying dormant.

Though the thief, operating under the alias “Excite,” has yet to fully reveal their identity, some social media posts and images, including a partially visible face, have provided leads, suggesting the culprit may be located in Denmark.

The investigation is ongoing, with ZachXBT indicating that he might soon be able to identify the individual responsible. However, one major question remains: how did the attacker bypass Coinbase’s security measures? ZachXBT has expressed concerns about the failure of Coinbase’s AML systems, noting that the suspicious transactions went unnoticed for over 16 hours, raising doubts about the effectiveness of the platform’s fraud detection processes.

Coinbase has faced scrutiny in the past for its compliance lapses, including a significant $50 million fine last year for violations of AML regulations. This latest incident has sparked frustration among users, with many pointing out that while the platform often takes strict action against legitimate accounts, high-profile thefts like this one seem to evade detection. The victim, who has not yet come forward, remains unidentified, complicating the investigation. The case highlights ongoing security vulnerabilities on Coinbase Commerce and the need for enhanced oversight.