TLDR
- Coinbase stock dropped 7% after news of a customer data breach and an ongoing SEC investigation into user number claims
- The SEC is questioning Coinbase’s 2021 claim of “100+ million verified users”
- Overseas support agents were bribed to steal customer data, leading to a $20 million ransom demand
- Coinbase refused to pay the ransom but will reimburse affected customers, with costs estimated between $180-400 million
- These issues emerge as Coinbase prepares to join the S&P 500 index
Coinbase, the major cryptocurrency exchange, saw its stock price fall 7% to $244 on May 15 after two pieces of concerning news broke simultaneously. The company confirmed a cybersecurity breach affecting customer data and revealed an ongoing Securities and Exchange Commission (SEC) investigation into its past user number reporting practices.
The crypto exchange’s shares dropped in after-hours trading as investors responded to the double blow of negative news. This comes at a critical time for Coinbase as it prepares to be included in the S&P 500 index next week, which would mark a milestone for mainstream acceptance of the cryptocurrency sector.
Coinbase $COIN Update….
ā Earnings
ā Added to the S&P 500
ā Customer data breach
ā SEC investigationAll in one week…never a dull moment in crypto!! pic.twitter.com/hxEGR9W24s
— Trader Edge (@Pro_Trader_Edge) May 15, 2025
The data breach involved cybercriminals who successfully bribed overseas customer support agents to access and steal private user information. According to Coinbase, the breach affected less than 1% of its daily transacting users.
“These attackers have been contacting our overseas customer support agents, looking for a weak leak, someone who would accept a bribe in exchange for sharing some customer information with them,” explained Coinbase CEO Brian Armstrong in a video message. “Sadly, they came upon a few bad apples.”
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
Ransom Demand and Response
Following the data theft, hackers demanded a $20 million ransom to prevent public disclosure of the breach. Coinbase refused to pay this ransom but has committed to reimbursing customers who lost funds due to related phishing attacks.
The company estimates these remediation and reimbursement expenses could range from $180 million to $400 million. In addition, Coinbase has established a $20 million reward fund for information leading to the arrest and conviction of the responsible criminals.
Coinbase has terminated the compromised staff members, reported them to law enforcement authorities, and is implementing additional security measures to prevent similar incidents in the future.
SEC Investigation Continues
Compounding the cybersecurity issues is an SEC investigation that began during the Biden administration and has continued under the Trump administration. The probe focuses on whether Coinbase overstated its user numbers in previous disclosures.
The regulator is specifically examining Coinbase’s claim of having “100+ million verified users” that appeared in its marketing materials and IPO documentation in 2021. Coinbase discontinued reporting this metric in 2022.
Paul Grewal, Coinbase’s Chief Legal Officer, confirmed the investigation to Cointelegraph, stating: “This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public.”
Grewal added that Coinbase now focuses on reporting “monthly transacting users” as a more relevant metric. “While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close,” he said.
In its 2022 financial statement, Coinbase explained it stopped reporting the verified users metric because it no longer believed it provided meaningful information about business performance. The company has hired law firm Davis Polk & Wardwell to assist with its response to the SEC.
The SEC probe continues despite the regulator dropping its 2023 enforcement lawsuit against Coinbase under the Trump administration.
Wider Industry Challenges
These security incidents reflect broader challenges facing the rapidly evolving cryptocurrency market. According to research firm Chainalysis, cryptocurrency-related hacks are projected to cost approximately $2.2 billion in 2024 alone.
Nick Jones, founder and CEO of crypto platform Zumo, noted: “As our fledgling sector grows rapidly, it attracts the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures.”
The timing of these issues is particularly challenging for Coinbase as it prepares to join the S&P 500, a move that will result in Coinbase stock being included in many index-tracking funds.
Coincidentally, the current SEC investigation continues even as the regulator dropped its previous enforcement lawsuit against Coinbase under the new administration.
The dual challenges of a data breach and regulatory scrutiny highlight the complex landscape Coinbase must navigate as it grows and seeks wider market acceptance. The coming weeks will be crucial as the company works to address both immediate security concerns and ongoing regulatory matters.
Stay Ahead of the Market with Benzinga Pro!
Want to trade like a pro? Benzinga Pro gives you the edge you need in today's fast-paced markets. Get real-time news, exclusive insights, and powerful tools trusted by professional traders:
- Breaking market-moving stories before they hit mainstream media
- Live audio squawk for hands-free market updates
- Advanced stock scanner to spot promising trades
- Expert trade ideas and on-demand support
