SEC Probes Coinbase’s 2021 User Count Claim Amid Cyberattack Fallout
The U.S. Securities and Exchange Commission (SEC) is scrutinizing Coinbase’s assertion from 2021 that it had over 100 million “verified users,” as part of an ongoing investigation.
Following reports of a data breach and the SEC’s inquiry, Coinbase shares dropped 7% in after-hours trading on May 15, falling to $244, according to Google Finance.
Coinbase confirmed a New York Times report revealing that the SEC has been investigating whether the exchange misrepresented its user numbers in previous filings—a probe that started under the Biden administration and is ongoing under the Trump administration.
Paul Grewal, Coinbase’s chief legal officer, said the investigation concerns a statistic the company stopped reporting two and a half years ago and had publicly disclosed the change. Grewal added that Coinbase now reports “monthly transacting users,” a more relevant indicator of platform engagement.
Although the SEC dropped a separate enforcement action against Coinbase in 2023, it continues to take issue with the company’s 2021 claim of “100+ million verified users,” which was used in marketing and IPO materials. Coinbase officially ceased reporting this metric in 2022, stating in financial filings that it no longer reflected meaningful business performance.
Coinbase has enlisted the law firm Davis Polk & Wardwell to help manage its response to the SEC’s investigation.
In a separate development, Coinbase revealed it had been the target of a cyberattack involving a $20 million ransom demand. According to the company, external support agents working for criminals exploited their access to customer service systems to leak data from a limited number of user accounts.
Coinbase refused to pay the ransom but committed to reimbursing customers affected by phishing attacks resulting from the breach. The company estimates the cost of remediation and compensation could range from $180 million to $400 million.
