Coinbase to pay $100 million over failure to scale AML as business boomed

Quick Take

  • A settlement with New York’s financial regulator found that Coinbase’s anti-money laundering program did not keep up with customer growth during the bull market. 
  • The company will pay $50 million to the regulator and another $50 million to expand its compliance department. 

Coinbase reached a $100 million settlement with the New York Department of Financial Services following investigations into failures in its compliance program.

The NYDFS fined Coinbase $50 million and required the company to invest another $50 million into its compliance program following a settlement with the regulator, which found gaping holes in the crypto exchange's review of customer identities and alerts on transactions. Particularly, it noted that the exchange failed to keep up with the growth in its customer base from 2020 through 2021. 

"Coinbase lacked sufficient personnel, resources, and tools needed to keep up with these alerts, and backlogs rapidly grew to unmanageable levels," the settlement reads. "By the end of 2021, Coinbase had a backlog of unreviewed transaction monitoring alerts grew to more than 100,000 (many of which were months old), and the backlog of customers requiring enhanced due diligence ('EDD') exceeded 14,000."

Coinbase has had a digital asset business license with the NYDFS — more commonly called a BitLicense — since 2017. By reputation the most rigorous regulatory regime in U.S. crypto, the BitLicense entails ongoing examinations, including one in 2020 that kicked off its issues with Coinbase.

The settlement includes details of an early 2021 incident in which a user stole $150 million from an unnamed company by opening an account on behalf of the company at Coinbase, by pretending to be an employee despite not providing appropriate documentation. The individual expanded the company’s daily withdrawal limit by a factor of 50 and subsequently accessed the company's bank account, from which they transferred $150 million to Coinbase. 

The thief then converted the fiat deposit into crypto and moved it off-platform onto a separate wallet. Coinbase was unaware of the activity for six days, until the corporation's bank contacted the crypto exchange. Law enforcement was eventually able to track down the crypto in question and return it to its rightful owner.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

In February 2022, the company hired an independent monitor in an effort to resolve these concerns, but their initial efforts did not fully appease the NYDFS. 

Noting that the NYDFS investigation was initially revealed on a filing with the Securities and Exchange Commission, Chief Legal Officer Paul Grewal said in a statement that "Coinbase has taken substantial measures to address these historical shortcomings and remains committed to being a leader and role model in the crypto space, including partnering with regulators when it comes to compliance. We believe our investment in compliance outpaces every other crypto exchange anywhere in the world, and that our customers can feel safe and protected while using our platforms."

Coinbase shares gained 6% in early trading. 

Updated with details of the $150 million theft described in the settlement. 

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Kollen Post is a senior reporter at The Block, covering all things policy and geopolitics from Washington, DC. That includes legislation and regulation, securities law and money laundering, cyber warfare, corruption, CBDCs, and blockchain’s role in the developing world. He speaks Russian and Arabic. You can send him leads at [email protected].


To contact the editors of this story:
Larry DiTore at
[email protected]
Nathan Crooks at
[email protected]
Colin Wilhelm at
[email protected]