SEC Scrutinises Coinbase’s 2021 User Claims
Coinbase has come under renewed regulatory pressure after the U.S. Securities and Exchange Commission (SEC) intensified its investigation into the company’s past user metrics. The inquiry centres on Coinbase’s 2021 claim of having “100+ million verified users,” which was prominently featured in its IPO filings and marketing materials.
According to a report confirmed by Coinbase and first published by The New York Times, the investigation originally began under the Biden administration and has continued into the current Trump administration. Although the company stopped reporting this particular metric in 2022, the SEC remains concerned about whether the figures were misleading.

Figure: Coinbase stock over 24 hours. Source: Google Finance
Paul Grewal, Coinbase’s Chief Legal Officer, acknowledged the probe, calling it “a holdover investigation” about a metric they ceased reporting two and a half years ago. “We strongly believe this investigation should not continue,” he said, noting that the company has since been transparent with more relevant metrics, such as “monthly transacting users.”
Coinbase Engages Legal Support
To navigate the ongoing regulatory challenge, Coinbase has hired the prominent law firm Davis Polk & Wardwell to handle its response to the SEC. Although the SEC dropped a separate enforcement lawsuit against the company in 2023, the current probe into user numbers remains active.
Grewal reaffirmed Coinbase’s commitment to working with the SEC, expressing hope that the matter can be resolved soon.
Cyberattack Sparks Security Concerns
Compounding the company’s regulatory woes, Coinbase also disclosed a major cyberattack involving a $20 million extortion attempt. On 15 May, the cryptocurrency exchange revealed that cybercriminals had gained access to customer data with the help of overseas customer support agents.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase said in a statement. The firm refused to pay the ransom demanded by the attackers.
Reimbursement Costs Could Top $400M
Although the breach affected only a portion of users, Coinbase has pledged to reimburse victims of phishing attacks stemming from the data leak. The total remediation and reimbursement costs are expected to fall between $180 million and $400 million.

Figure: In its 2022 financial statement, the firm stated it would stop reporting the metric because it no longer believed it provided meaningful information about its business performance. Source: SEC
The company did not disclose how many users were impacted but assured that affected individuals would be compensated.
Investors React Sharply to Double Blow
The twin revelations rattled investor confidence, sending Coinbase stock (COIN) down by 7% to $244 during after-hours trading on 15 May, according to Google Finance.
The sharp decline highlights the growing concerns over both data security and regulatory scrutiny. As Coinbase grapples with these dual challenges, investors will be watching closely to see how the company manages the fallout and restores trust.