TLDR
- Coinbase shares fell 7% following customer data theft and SEC probe news
- Overseas support staff accepted bribes to leak user information, prompting a $20M ransom demand
- Company expects to pay $180-400M in customer reimbursements
- SEC investigating Coinbase’s previous claim of “100+ million verified users” from 2021
- Issues emerge right before Coinbase’s scheduled entry into the S&P 500
Coinbase stock took a beating Friday, dropping 7% to $244 as investors reacted to a one-two punch of troubling news.
The cryptocurrency exchange revealed a customer data breach orchestrated through bribed support staff while also confirming an ongoing SEC investigation into possibly inflated user metrics.
The company disclosed that hackers had successfully convinced several overseas customer service representatives to leak private user information.
The security breach impacted less than 1% of Coinbase’s daily active users.
After obtaining the data, the hackers demanded $20 million to prevent public exposure of the stolen information.
Coinbase CEO Brian Armstrong addressed the situation in a video statement: “These attackers have been contacting our overseas customer support agents, looking for someone who would accept a bribe in exchange for sharing customer information with them.”
The company declined to pay the ransom. Instead, Coinbase promised to fully reimburse any customers who lost money after being tricked into sending cryptocurrency to fraudulent accounts.
The total cost for customer reimbursements and related remediation could reach between $180 million and $400 million, according to company estimates.
Coinbase has established a $20 million reward fund for information leading to the arrest and conviction of the responsible parties.
The company has already fired the staff members who leaked customer data and reported them to law enforcement authorities.

Regulatory Questions Linger
Adding to Coinbase’s troubles, the company confirmed an ongoing Securities and Exchange Commission investigation into its past reporting practices.
The SEC is examining whether Coinbase overstated its user numbers in previous disclosures, particularly its claim of having “100+ million verified users” that appeared in marketing materials and IPO documentation in 2021.
Coinbase Chief Legal Officer Paul Grewal downplayed the investigation: “This is a hold-over inquiry from the previous administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public.”
Grewal emphasized that Coinbase now focuses on “the more pertinent statistic of monthly transacting users” instead.
The company discontinued reporting its “verified users” metric in 2022, stating in financial filings that it no longer considered the figure relevant to assessing business performance.
To address the SEC inquiry, Coinbase has hired law firm Davis Polk & Wardwell.
The investigation has persisted despite the SEC dropping its 2023 enforcement lawsuit against Coinbase following the change in presidential administrations.
Unfortunate Timing
The dual challenges couldn’t come at a worse time for Coinbase, which is set to join the S&P 500 index next week.
This milestone represents a major step toward mainstream acceptance of the cryptocurrency industry and will result in Coinbase stock being added to numerous index-tracking funds.
The inclusion in the prestigious index makes the timing of these issues particularly awkward for the San Francisco-based company.
The crypto sector as a whole continues to face growing security challenges. Research firm Chainalysis projects that cryptocurrency-related hacks will cost approximately $2.2 billion in 2024.
Nick Jones, founder and CEO of crypto platform Zumo, commented on the industry-wide problem: “Unfortunately as our fledgling sector grows rapidly, it attracts the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures.”
Coinbase has stated it will implement additional consumer protections to prevent similar security breaches in the future.