Coinbase director finds $322K in crypto for hack victim
After identifying multiple “rich list” Ethereum Classic addresses, a Coinbase director said he was able to track down one individual who lost hundreds of thousands of dollars in 2019
Ahmed Zaggoudi/Shutterstock modified by Blockworks
Conor Grogan, head of product business operations at Coinbase, said he has managed to locate $322,000 belonging to an individual who lost their life savings in a hack four years ago.
Grogan shared his findings on Twitter, explaining in a thread that during his investigation, he came across a “rich list” of Ethereum Classic (ETC) wallets that had “never touched their ETC balances.”
The Ethereum blockchain underwent a hard fork in 2016, resulting in the creation of ETC. Those who held ether (ETH) during the fork would have received an equal amount of ETC, but many people were unaware of this, according to Grogan.
Going through the list of accounts, Grogan said he was able to identify around 20 addresses holding more than $250,000 worth of ETC.
The next challenge lay in tracking down the owners. Traditional methods, such as tagging, were not particularly effective for 2016-era Ethereum. He noted that activities “that doxes people,” such as Ethereum Name Service, NFTs, and even Twitter, were limited at the time.
Grogan said he encountered “a number of dead ends” as many users had sent their entire balances to exchanges, leaving no digital trail to follow.
Though the executive said he stumbled upon an address beginning with “0x475” that contained an unfamiliar crypto called “EOSDAC.” He later discovered holders of EOSDAC had received an airdrop on the Ethereum network in 2018 after registering their ETH addresses.
Blockworks was able to independently verify the address containing 16,999 ETC.
By using the airdropped amount and the snapshot date, Grogan tweeted he was able to successfully connect the address to an EOS wallet linked to a $7.7 million hack back in 2019.
“It turns out that the owner of 0x475 had their life savings stolen by a hacker in 2019 and was in a legal battle with their cybersecurity provider as well as with Bitfinex,” he said.
Grogan later managed to obtain the owner’s legal name associated with the ETH address after combing through legal filings.
“I now had a doxxed name to link with the ETH address.”
Following his discovery, Grogan reached out to the wallet owner, who expressed astonishment, claiming they had no knowledge of the existence of the funds.
Grogan declined an opportunity to be interviewed citing restrictions on discussing details with the media.
The owner of the funds appears to have moved the recovered coins to a new wallet as of Thursday afternoon.
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
- Empire: Start your morning with the top news and analysis to inform your day in crypto.
- Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
- 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
- Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
- The Drop: For crypto collectors and traders, covering apps, games, memes and more.
