Coinbase stock drops 7% as SEC probes user metrics and hackers demand $20M ransom
By isabelle // 2025-05-16
Copy
 
  • Coinbase stock dropped 7% after-hours due to a major data breach and an ongoing SEC investigation into misleading user metrics claims.
  • The SEC is probing Coinbase’s past claim of "100+ million verified users," questioning its accuracy and impact on investors.
  • A cyberattack exposed customer data after hackers bribed overseas support agents, leading to potential $400M in remediation costs.
  • Coinbase refused a $20M ransom, instead offering it as a bounty for the hackers’ arrest, while securing affected accounts.
  • The crises threaten Coinbase’s reputation amid its S&P 500 inclusion, raising concerns about compliance and cybersecurity in crypto.
In a devastating one-two punch for the cryptocurrency giant, Coinbase (COIN) saw its stock plummet 7% in after-hours trading on Thursday after revelations of a major data breach and an ongoing Securities and Exchange Commission (SEC) investigation into whether the company misled investors about its user metrics. The breach, which exposed sensitive customer data, could cost the company up to $400 million in remediation and reimbursements, while the SEC continues scrutinizing Coinbase’s now-abandoned claim of "100+ million verified users" from 2021. The dual crises highlight the growing risks facing crypto firms as regulators and cybercriminals target the industry.

SEC probes Coinbase’s inflated user metrics

The SEC’s investigation, first reported by The New York Times, centers on Coinbase’s past disclosures of "verified users", a metric the company aggressively promoted in its 2021 IPO filings and marketing materials. The agency is examining whether the figure, which Coinbase claimed exceeded 100 million, was misleading to investors. Although the company stopped reporting the metric in 2022, calling it irrelevant to business performance, the SEC has persisted in its inquiry, which began under the Biden administration and continues under President Trump’s more crypto-friendly SEC leadership. Coinbase Chief Legal Officer Paul Grewal dismissed the probe as a "hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago." He emphasized that the company now focuses on "monthly transacting users," a more accurate reflection of active customers. Still, the SEC’s persistence suggests regulators remain skeptical of Coinbase’s past claims, particularly given the company’s own admission that the "verified user" count may have included duplicate accounts.

Hackers exploit overseas support agents in $20M extortion scheme

The same day the SEC probe made headlines, Coinbase disclosed a cyberattack that compromised sensitive customer data. Hackers allegedly bribed overseas customer support agents — reportedly based in India — to access account details, including names, addresses, phone numbers, and partial Social Security and bank account information. While login credentials and wallet access remained secure, the breach exposed enough data for criminals to launch targeted phishing attacks. Coinbase refused to pay the hackers’ $20 million ransom demand, instead offering the same sum as a bounty for information leading to their arrest. "The knee-jerk reaction of every single person who heard we were being extorted was ‘hell no!’" said Chief Security Officer Philip Martin. The company estimates remediation costs of between $180 million and $400 million, covering reimbursements for affected users and enhanced security measures.

A costly blow to crypto’s Wall Street darling

The timing couldn’t be worse for Coinbase, which recently secured a spot in the S&P 500—a milestone signaling Wall Street’s growing acceptance of crypto. Yet the breach and SEC scrutiny have rattled investors, erasing recent gains and raising questions about the company’s risk management. Critics argue Coinbase’s rapid expansion has come at the expense of robust compliance and cybersecurity, leaving it vulnerable to both regulatory crackdowns and criminal exploitation. While the SEC’s investigation may yet conclude without penalties, the breach underscores a harsh reality: As crypto firms integrate into mainstream finance, they face the same threats as traditional institutions—only with fewer safeguards in place. For now, Coinbase must navigate the fallout, proving it can protect customers and investors alike in an industry where trust is as volatile as the assets it trades. Sources for this article include: CoinTelegraph.com Fortune.com NYTimes.com CNBC.com Investopedia.com
Copy