Coinbase logo

Coinbase

exchange
Operational
Visit website

Coinbase is a NASDAQ-listed US exchange founded in 2012, regulated by FinCEN, with 98% cold storage and crime insurance covering online assets.

Platform Information

Founded

2012

Headquarters

San Francisco, United States

Two-Factor Authentication

An extra login step that protects your account even if your password is stolen.

Yes

Custodial

The platform holds your crypto on your behalf — you don't control the private keys.

Yes

KYC Required

Know Your Customer — you must verify your identity before trading or withdrawing.

Yes

Proof of Reserves

The platform publicly proves it holds enough assets to cover all customer funds.

No

Insurance

Customer funds are covered by insurance in the event of a hack or platform failure.

Yes

Supported Chains

BitcoinEthereumSolanaBasePolygonAvalanche
custodialregulatedpublicly-listedhigh-volume

About Coinbase

Coinbase is the largest US-based cryptocurrency exchange by trading volume, founded in 2012 by Brian Armstrong and Fred Ehrsam. It became the first major crypto exchange to list publicly on the NASDAQ (ticker: COIN) in April 2021, subjecting it to SEC reporting requirements and a level of regulatory oversight uncommon in the crypto industry.

Security

  • Holds approximately 98% of customer assets in cold storage, offline and isolated from internet-connected systems
  • Carries crime insurance with a $255 million limit covering digital assets held online against theft and cybersecurity breaches
  • USD cash balances are FDIC-insured up to $250,000 through custodial banking partners
  • Additional controls include 2FA, biometric login, time-locked vaults, SOC 2 Type II certification, and a public bug bounty program

Regulation

  • Registered with FinCEN as a Money Services Business since 2013 — one of the earliest such registrations in the industry
  • Listed on NASDAQ since April 2021; subject to quarterly SEC filings and annual reporting
  • Licensed or registered in the US, UK, EU, Canada, Australia, and Singapore
  • The SEC civil enforcement action against Coinbase was dismissed in February 2025; Coinbase is pursuing a broker-dealer license to expand regulated securities offerings

Incident History

  • 2021: Approximately 6,000 customer accounts were compromised via an SMS phishing attack. No exchange funds were drained; affected users were reimbursed.
  • May 2025: Coinbase disclosed a significant data breach caused by rogue overseas support contractors who were bribed to steal customer data. Roughly 69,000 customers had names, Social Security numbers, bank details, and transaction histories exposed. No passwords, private keys, or wallet funds were compromised. Coinbase refused a $20 million ransom demand and offered the same amount as a reward for information on the perpetrators. Estimated remediation costs: $180–400 million.

Coinbase has never suffered a platform-wide hot wallet drain. The 2025 breach was an insider threat via contractor compromise, not a direct external hack of the exchange infrastructure.

Security & Score

78

Platform Safety Score

78/100Good

Based on incident history, security features, and track record

Security Features

2FAbiometric loginvault with time-lockSOC 2 Type IIbug bounty

Insurance

Coinbase carries crime insurance covering digital assets held in online storage against theft and cybersecurity breaches.

Regulatory Information

Regulated In

Jurisdictions where this platform is officially licensed and subject to financial oversight.

USUKEUCAAUSG

Area Served

Countries or regions where this platform is available to users.

USEUUKCAAU

Notes

Registered with FinCEN as a Money Services Business. Listed on NASDAQ (COIN). Subject to ongoing SEC scrutiny regarding asset listings.

Incident History

3 incidents3 resolved$400.0M total lost

Insider Data Theft and Extortion

May 15, 2025

Coinbase disclosed that rogue overseas support agents were bribed to access customer data. Attackers demanded $20M ransom. Up to $400M in remediation costs estimated.

Resolved$400,000,000 lostCoinbase Blog

Employee Social Engineering Attack

February 17, 2023

An attacker social-engineered a Coinbase employee via SMS phishing, gaining access to internal systems. No customer funds were lost but employee data was exposed.

ResolvedCoinbase Blog

Account Takeover Vulnerability

October 1, 2021

Coinbase disclosed that approximately 6,000 customers had funds stolen from their accounts between March and May 2021 due to a vulnerability in the SMS account recovery process.

Resolved

Frequently Asked Questions

Do you use Coinbase?

Check how it affects your portfolio health score and get personalised risk insights.

Check your health score