Coinbase Stock Falls 7% Amid SEC Investigation and Cyberattack Exposure
Coinbase (COIN) shares dropped sharply, falling 7% to $244 in after-hours trading on May 15, following reports of a serious data breach and an ongoing Securities and Exchange Commission (SEC) investigation into potentially misstated user numbers from 2021. The combination of regulatory scrutiny and cybersecurity concerns has sent shockwaves through investor circles.
The SEC probe, initially reported by The New York Times, centers on allegations that Coinbase may have overstated its user base in disclosures made during its 2021 public listing. The investigation began under the Biden administration and has continued into the Trump administration, indicating persistent regulatory interest in the company’s disclosure practices.
In response, Coinbase confirmed the investigation and emphasized its transparency regarding reporting metrics. Paul Grewal, Coinbase’s Chief Legal Officer, told Cointelegraph, “This is a holdover investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public.”
Grewal further clarified that while the metric in question—claiming “100+ million verified users”—has not been used since 2022, the company continues to report “monthly transacting users,” a more relevant and meaningful metric that measures actual platform engagement. He also reaffirmed Coinbase’s commitment to resolving the investigation: “While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.”
Despite the SEC dropping its enforcement lawsuit against Coinbase in 2023, the current probe remains active. To manage its legal response, Coinbase has retained the prominent law firm Davis Polk & Wardwell.
Cyberattack and Extortion Attempt Target Coinbase
On the same day, Coinbase disclosed a significant cybersecurity incident involving a $20 million extortion attempt. The breach involved overseas support agents, reportedly recruited by cybercriminals, who gained unauthorized access to internal customer support systems. This insider attack resulted in the compromise of account data belonging to a small subset of users.
Coinbase has refused to comply with the ransom demands and emphasized that it is taking strong remedial action. The company pledged to reimburse affected users who fell victim to phishing attacks stemming from the breach. Estimated remediation and compensation costs are expected to fall between $180 million and $400 million.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase stated in its official communication.