Overview
- Breaches spanned April 2021 to March 2025, with more than 30 million transactions worth over €176 billion — about 31% of activity — not properly monitored during a 12‑month window.
- After a nearly three‑year retrospective review, Coinbase reprocessed affected activity, identified roughly 185,000 transactions for further checks, and filed 2,708 suspicious transaction reports with Ireland’s FIU.
- Authorities said the STRs flagged suspected money laundering, fraud/scams, drug trafficking, cyberattacks including ransomware, and child sexual exploitation, while noting STRs do not prove criminal activity.
- Coinbase attributed the lapse to three coding errors that impaired five of 21 monitoring scenarios in its Transaction Monitoring System, said the bugs were fixed within weeks, and outlined strengthened testing and controls.
- The original penalty of about €30.6 million was cut by 30% under a settlement scheme that Coinbase accepted; the case is described as the Irish central bank’s first major public enforcement against a crypto firm, and follows Coinbase’s move to a MiCA license in Luxembourg.