Coinbase fined a record 21.5 million euros in Ireland. Photo: Bloomberg
Loophole facilitated 176 billion euros of illegal transactions
- One of the biggest names in the cryptocurrency world has just received a heavy fine from Ireland's financial regulator. Coinbase Europe , the European branch of the Coinbase exchange , was fined €21.5 million ($24.7 million) by the Central Bank of Ireland (CBI) for serious violations of anti-money laundering and counter-terrorism financing (AML/CTF) regulations, between April 2021 and March 2025.
- This is the first time the CBI has publicly fined a crypto business, and is also the fourth highest fine in the agency's history.
- According to the CBI, Coinbase Europe - as a virtual asset service provider (VASP) - has a responsibility to continuously monitor and promptly report suspicious customer transactions to the Irish Financial Intelligence Unit (FIU) as well as the Revenue, under the Criminal Justice and Countering Money Laundering and Countering Terrorist Financing Act 2010.
- However, the regulator discovered a serious configuration error in Coinbase Europe's monitoring system that left more than 30 million transactions, worth 176 billion euros ($203 billion), representing 31% of the company's total activity in the period, unmonitored over the 12 months.
- Notably, some 13 million euros of that was flagged as potentially linked to money laundering, fraud, drug trafficking, cyberattacks and child sex.
- It took Coinbase nearly three years to review all the missed transactions and eventually sent 2,708 late suspicious transaction reports to authorities.
Coinbase Europe Admits Violation
- In an official statement, Coinbase Europe admitted to the violations , including:
Insufficient monitoring of transactions,
Lack of effective internal controls,
And no additional checks were performed on the other 184,790 transactions.
- On November 5, in a settlement with the Central Bank of Ireland, Coinbase was reprimanded and imposed an initial fine of 30.7 million euros ($35.4 million).
- Thanks to his proactive cooperation and acceptance of responsibility, the fine was reduced by 30% to 21.5 million euros ($24.7 million). The case is now awaiting approval from the Irish High Court before it takes effect.
- In a blog post on November 6, Coinbase admitted that the problem stemmed from three programming errors in its monitoring system, causing five of its 21 transaction monitoring scenarios to only partially work during the 2021-2022 period.
- One of the bugs caused the system to fail to recognize wallet addresses containing special characters (such as the ampersand “&”), resulting in the omission of customer data. Coinbase said it fixed the bug within 2-3 weeks of discovery, then reviewed all affected transactions and filed an additional 2,700 suspicious activity reports (STRs) with authorities.
Strong warning from Ireland
- Mr. Colm Kincaid, Deputy Governor in charge of consumer and investor protection at the Central Bank of Ireland, emphasized: “To effectively combat financial crime, law enforcement agencies need financial institutions to operate robust monitoring and reporting systems. When these systems fail, criminals will take advantage to evade detection and they inevitably will.”
- He also warned that crypto possesses anonymous, cross-border characteristics, making it particularly attractive to financial criminals: “Therefore, businesses providing crypto services must have strong control mechanisms to detect and report suspicious transactions. When a system failure occurs, immediate reporting to the Central Bank is mandatory to promptly control risks.”
- According to the Financial Times, Coinbase Europe is also preparing to move its European operations headquarters from Ireland to Luxembourg later this year.
- Many experts assess that the Coinbase incident is a “wake-up call” for the entire digital asset sector in Europe. Under the MiCA legal framework, all crypto businesses - from exchanges to custodial wallets - will be held responsible similar to traditional banks in AML/CTF work.
- Before the fine in Ireland, Coinbase had been repeatedly involved in lawsuits and penalties related to regulatory compliance. In 2021, the exchange was fined $6.5 million by the CFTC for “wash trading”. In 2023, the exchange was fined $50 million by the New York government for lax KYC procedures, and theDutch Central Bank fined $3.6 million for operating without a license. Last year, Coinbase’s UK branch was fined $4.5 million by the FCA for violating high-risk customer regulations. In May 2025, Coinbase faced a class action lawsuit from shareholders, accusing the exchange of hiding security vulnerabilities and information that violated regulations.
Coin68 synthesis
