It looks like it's a CB commerce contract address, which is likely the hacker using a "self-managed" (no KYC) account type to make decentralized transactions.
Note: I haven't tried this platform yet, just think if transactions are centralized anyway, they don't really need the smartcontrack role.
-snip-
And I tried to read the faqs but it seems Coinbase commerce doesn't require KYC verification.
CB commerce has 2 types of user accounts where only CB-managed users can possibly be identified (the wallet is connected to the main CB exchange account based on their description)
Funds settle into a Coinbase-managed wallet without you having to manage your private keys. Your Exchange account can hold crypto in addition to local currency (fiat)