Coinbase, one of the world’s largest cryptocurrency exchanges, has warned of a potential financial impact ranging from $180 million to $400 million following a cyberattack that compromised account data belonging to a "small subset" of its customers, reports Reuters.
According to a regulatory filing submitted Thursday, the breach was disclosed after the company received an email from an unidentified hacker on May 11, claiming access to customer information and internal documents. Coinbase confirmed that while names, addresses, and email details were compromised, login credentials and passwords remained secure.
The company said it would reimburse any customers who were deceived into transferring funds to the attackers. The breach reportedly involved unauthorized payments to contractors and employees in support roles based outside the U.S., all of whom have since been terminated.
In a separate development, sources told Reuters that the U.S. Securities and Exchange Commission (SEC) is continuing an investigation into whether Coinbase misrepresented its user figures. The probe includes concerns that inaccurate data might point to lapses in know-your-customer (KYC) compliance.
A Coinbase spokesperson denied that the SEC is investigating its compliance with KYC or the Bank Secrecy Act. The company also clarified that the SEC's questions have not focused on those areas and noted that a previous SEC lawsuit for registration violations has already been dropped.
Despite this, the investigation into Coinbase’s now-defunct "verified user" metric continues. Chief Legal Officer Paul Grewal called it a “holdover” from a past administration and insisted that the metric was fully disclosed when it was discontinued over two years ago.
Coinbase’s shares dropped 6.5% following news of the breach and regulatory scrutiny.
The developments come at a pivotal moment as Coinbase is set to be included in the S&P 500 index, a significant milestone for the crypto industry. However, the attack has raised fresh concerns about cybersecurity within the digital asset space.
Coinbase has refused to pay a $20 million ransom demanded by the attackers and has instead offered a $20 million reward for information leading to their capture. The firm is also launching a new support hub in the U.S. and strengthening its security protocols to prevent similar incidents.
A class-action lawsuit has been filed against Coinbase in the Southern District of New York, alleging failure to adequately safeguard the personal information of millions of current and former users.
In 2024 alone, hacking incidents across the crypto sector caused $2.2 billion in losses, according to Chainalysis. With increasing threats, experts say the industry may be forced to implement tighter internal controls and more rigorous employee vetting.
As the crypto market grows, Coinbase’s latest challenges underscore the urgency of adapting to an evolving cybersecurity landscape while maintaining investor and regulatory confidence.
Bd-pratidin English/ Jisan
