The hacker behind a recent Coinbase breach has surfaced with a 38,126 Solana purchase worth approximately $7.9 million, made with funds stolen from the exchange’s customers.
According to blockchain analyst Ember CN, the hacker converted 7.957 million DAI to USDC, then bridged these funds to the Solana network to purchase Solana (SOL) at an average price of $208.7.
The purchase comes as Solana trades up over 17% in the last 30 days, though the token remains down 29% from its all-time high of $293 reached in January.
This marks the third significant asset allocation move by the hacker behind the Coinbase breach in May.
Hacker’s strategic trading pattern spans over months
The Coinbase hacker has shown methodical trading behavior since gaining access to customer funds on at least two occasions:
- In May, the hacker sold 26,347 Ethereum (ETH) for 68.18 million DAI. The sale was done at a price of $2,588.
- Two months later in July, the hacker repurchased 5,513 ETH with 14.865 million DAI at $2,696.
The $208.7 purchase price aligns with analyst predictions that SOL could rally toward $360.
Technical analysis from trader Ucan indicates that Solana is currently moving within a rising channel, following the formation of a rounded bottom pattern.
Key resistance levels include $215 for initial resistance, $227 for breakout confirmation, and $242 as a strong upside target. The channel top sits at $251.
The hacker’s timing coincides with bullish sentiment around Solana, with prominent trader Ali recently asking to hold SOL until $360.
Coinbase hack impact continues to unfold
The May Coinbase breach affected nearly 70,000 users through a coordinated social-engineering attack. Cybercriminals bribed overseas customer-support contractors to extract user records between December 2024 and May 2025.
The attack compromised personal data, including full names, dates of birth, addresses, phone numbers, masked bank account numbers, and government-issued ID scans.
Coinbase disclosed the incident publicly after receiving a $20 million ransom demand, which the company refused to pay.
CEO Brian Armstrong pledged to reimburse affected customers. Additionally, he offered a $20 million reward for information leading to an arrest. The breach triggered an estimated remediation cost of up to $400 million for the exchange.
