By Niket Nishant and Chris Prentice
(Reuters) -Coinbase forecast a hit of $180 million to $400 million from a cyberattack that breached account data of a "small subset" of its customers, the crypto exchange said in a regulatory filing on Thursday.
The company received an email from an unknown threat actor on May 11, claiming to have information about certain customer accounts as well as internal documents.
While some data — including names, addresses and emails — was stolen, the hackers did not get access to login credentials or passwords, Coinbase said. It would, however, reimburse customers who were tricked into sending funds to the attackers.
Hackers had paid multiple contractors and employees working in support roles outside the U.S. to collect information. The company had fired those involved, it said.
Separately, the U.S. Securities and Exchange Commission had begun scrutinizing whether Coinbase had misstated its user figures, two sources familiar with the matter told Reuters.
The agency had also been interested in whether any inaccurate user data could indicate the company had inadequate know-your-customer compliance that is required of firms registered with the SEC, the sources said.
A Coinbase spokesperson denied the SEC was probing the company's compliance with know-your-customer and Bank Secrecy Act rules.
Another source familiar with the matter said that the SEC did not directly ask questions about such compliance and that it would not be a relevant topic since the SEC dropped a separate case against Coinbase alleging the firm failed to register with the SEC.
The inquiry into Coinbase's "verified user" metric had continued even after the SEC abandoned its other lawsuit, the source said. The New York Times first reported the investigation into user data from past disclosures.
Coinbase shares extended losses after the report and were last down 6.5%.
"This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public," Coinbase's chief legal officer, Paul Grewal, said.
"While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close."
The SEC declined to comment.
CRACKS IN CRYPTO
The latest developments come days before the company is set to join the benchmark S&P 500 index, casting a shadow over what was expected to be a landmark moment for the crypto industry.
Security remains a challenge for the crypto industry despite its growing mainstream acceptance. In February, Bybit disclosed a hack in which around $1.5 billion of digital tokens were stolen — widely dubbed the biggest crypto heist of all time.
Latest News
- Michael Saylor’s new advice? 'Sell a tooth if you must'
- Deere Stock Jumps on Guidance Cut. Here’s Why.
- Take-Two’s Outlook Disappoints as Gamers Await Next Grand Theft Auto. The Stock Is Sliding.
- Tesla Stock Drops. What Options Activity Says About Where It’s Heading Next.
- Boeing Stock Rises Again. Wall Street Is More Positive on Sales.
- 5 Rookie Mistakes Every New Owner-Operator Should Avoid
