The company said it refused to pay the $20 million ransom; instead, it’s “establishing a $20 million reward fund for information leading to the arrest and conviction of the attackers,” asking anyone with information to email Coinbase’s security team.
“It sucks but when we see a problem like this, we want to own it and make it right, and that’s what we’re doing,” Martin told Fortune.
Coinbase Chief Legal Officer Paul Grewal told Fortune in a statement that the SEC probe is just “a holdover investigation from the prior administration about a metric we stopped reporting two and a half years ago,” adding the company is committed to working with the SEC “to bring this matter to a close.”
As Grewal said, Coinbase stopped reporting on “verified users,” which was based on the number of accounts with confirmed email addresses or phone numbers, in 2023. It now focuses on other metrics like monthly transacting users, of which there are about 8 million on Coinbase.
“We asked the SEC for feedback; all we got was a lawsuit,” he said, adding the government agency operates by a “regulation by enforcement” environment.
Despite these run-ins with cybercriminals and regulators, Coinbase is having a pretty good year. The company reported $2.03 billion in first-quarter revenue, up 24% year over year. While that missed analysts’ expectations, the company attributed it to “an uncertain macro environment” around global trade policy.
