Coinbase has confirmed a major data breach that could cost the exchange up to $400 million. Hackers used social engineering to manipulate overseas support agents. These contractors, all based in India, gave attackers access to customer data. While login credentials weren’t stolen, names, emails, and addresses were exposed.
The breach triggered attempted phishing scams, with at least one high-profile crypto investor nearly fooled. Coinbase fired the involved contractors and is tightening its vetting process. The company said these were support staff, not developers or execs. Still, internal access proved to be a major vulnerability. Coinbase has offered a $20 million reward for help catching the culprits, instead of paying a ransom.
SEC Investigation Adds Fuel to the Fire
At the same time, the U.S. Securities and Exchange Commission (SEC) is ramping up an investigation into Coinbase. The SEC claims the exchange gave misleading user numbers during its 2021 public offering. Coinbase originally said it had 43 million users, but later stated 103 million. That discrepancy is now under the spotlight.
Coinbase says the probe is outdated and comes from the prior SEC administration. Still, it’s another black mark at a bad time. Chief Legal Officer Paul Grewal says they’re cooperating but pushing back on the claims. The issue has weighed on investor confidence, especially in the wake of the breach.
COIN Stock Takes a Hit
COIN, Coinbase’s publicly traded stock, has been hammered. Following news of the breach and the SEC probe, the stock dropped over 6%. This came just after Coinbase was added to the S&P 500. Instead of a celebration, the company is now fighting fires on multiple fronts.
Analysts say the breach and investigation could damage Coinbase’s long-term credibility. Investor Bo Pei warned of “reputational risks” and called for better internal controls. Trust is critical in crypto, and right now, Coinbase is scrambling to rebuild it.
Coinbase’s India Ties Under Scrutiny
The breach has shined a spotlight on Coinbase’s overseas workforce. All the compromised agents were based in India. These support workers were allegedly bribed to hand over sensitive user data. The fallout has sparked questions about outsourcing and operational oversight.
Coinbase is now moving to reduce its offshore support footprint. The company announced plans to open a new U.S.-based support center. That’s a clear pivot to reclaim control and restore user trust. But critics say it’s a reaction to a problem that should’ve never gotten this far.
What’s Next for Coinbase?
Coinbase is now in damage control. It’s cooperating with law enforcement, working to reimburse victims, and fighting off regulatory scrutiny. The company is also dealing with a wave of bad press while trying to keep momentum in other areas. Last week, it acquired Deribit and expanded crypto futures trading.
But none of that is helping the current storm. Between the data breach, the SEC investigation, and the COIN stock drop, Coinbase has a long road ahead. Trust once lost is hard to win back—especially in crypto, where security is everything.