Coinbase Faces Major Financial Impact from Cyberattack
Coinbase has projected a financial hit ranging from $180 million to $400 million due to a recent cyberattack that compromised the account information of a limited number of its customers, as disclosed in a regulatory document on Thursday. The breach was initiated by an unidentified hacker who contacted the company on May 11, alleging possession of sensitive data related to specific customer accounts and internal records. Although personal information such as names, addresses, and email addresses was accessed, Coinbase confirmed that login credentials and passwords remained secure. The exchange has pledged to compensate customers who were deceived into transferring funds to the cybercriminals.
Insider Involvement in Information Gathering
The hackers reportedly employed several contractors and employees in support roles outside the United States to gather information for the attack. In response to this breach of trust, Coinbase stated that it had terminated the individuals involved. In a separate matter, the U.S. Securities and Exchange Commission (SEC) has begun investigating whether Coinbase inaccurately reported its user figures, according to two sources familiar with the investigation. The SEC is also scrutinizing whether discrepancies in user data might indicate that the company has not met the know-your-customer (KYC) compliance standards required for firms registered with the agency, sources confirmed. However, a Coinbase spokesperson refuted claims that the SEC was examining the firm’s adherence to KYC regulations or the Bank Secrecy Act.
Clarification on SEC Investigation
An additional source indicated that the SEC had not directly inquired about compliance issues and that such matters were unlikely to be relevant, especially after the agency dropped a separate case against Coinbase concerning its registration status. Nonetheless, the investigation into the accuracy of Coinbase’s “verified user” metric has persisted, even after the SEC’s withdrawal from its previous lawsuit. The New York Times initially reported on the inquiry into user data stemming from earlier disclosures. Following the news, Coinbase’s stock experienced a decline, falling by 6.5%. Paul Grewal, Coinbase’s chief legal officer, stated, “This investigation is a continuation from the previous administration regarding a metric we ceased reporting two and a half years ago, which we fully disclosed to the public.” He added that while they believe the investigation should not proceed, they remain dedicated to collaborating with the SEC to resolve the issue.
Impact on Coinbase’s S&P 500 Inclusion
These recent events unfold just days before Coinbase is set to be included in the S&P 500 index, potentially overshadowing what was anticipated to be a significant milestone for the cryptocurrency sector. The industry continues to grapple with security challenges, despite gaining mainstream acceptance. Earlier this year, Bybit revealed a security breach that resulted in the theft of approximately $1.5 billion in digital assets, marking it as one of the largest crypto thefts to date. Bo Pei, an analyst at U.S. Tiger Securities, noted that such cyberattacks may compel the industry to implement more stringent employee vetting processes and could introduce reputational risks.
Rising Threats to Cryptocurrency Security
According to a report by Chainalysis, hacking incidents targeting cryptocurrency platforms resulted in losses totaling $2.2 billion in 2024. Nick Jones, founder of crypto firm Zumo, remarked, “As our emerging industry expands rapidly, it attracts the attention of malicious actors, who are becoming more sophisticated in their attacks.” In addition to the cyberattack, Coinbase is now facing a lawsuit in the Southern District of New York, claiming that the world’s largest cryptocurrency exchange failed to adequately protect the personally identifiable information of millions of its past and current customers. Coinbase has refused to meet the attackers’ ransom demand of $20 million and is actively cooperating with law enforcement. Instead, the company has established a reward of $20 million for information leading to the apprehension of the hackers.
Measures to Enhance Security
In light of the breach, Coinbase is also launching a new support center in the U.S. and implementing additional strategies aimed at preventing future cyberattacks.
