Shares of Coinbase took a sharp dive on Thursday, falling 7.2% after the company admitted that cybercriminals had bribed overseas support agents to gain access to customer data, an incident that could cost the firm up to $400 million.
But that drop might’ve gone too far. Oppenheimer doesn’t think the sell-off makes sense. The firm kept its $293 price target for Coinbase, saying the panic was overblown. If that target holds, the stock has nearly 20% upside from where it ended Thursday.
The stock has now slipped over 20% in six months and is already down more than 1% for the year. But analysts aren’t running for the hills.
Owen Lau, who covers Coinbase at Oppenheimer, said in a note on Thursday that while the expected cost of $180 million to $400 million is high, the company is taking responsibility and acting fast. He said the support agents involved have been fired, and Coinbase is working to compensate affected users while going after the hackers through legal means.
Coinbase breach timeline stretches back months
Owen said the impact of the attack will mostly show up in its second quarter results, and the payment to fix it will likely be booked as part of operating expenses. He added that it won’t change Coinbase’s guidance for second-quarter costs.
What did hurt the stock further, according to him, was the dip in altcoin prices in the last two days. Even so, he stressed that the long-term thesis on Coinbase hasn’t changed.
“While these headlines have impacted near-term sentiment, they haven’t changed our long-term view on the stock,” he wrote. “We view this as a buying opportunity.”
And Owen’s not alone. Out of the 31 analysts who cover Coinbase, 16 still rate it a buy or strong buy, according to data from LSEG. The remaining 15 are neutral. The stock was also seen recovering slightly in early premarket trading Friday, up more than 1% before markets opened.
What spooked investors the most was the scale and duration of the breach. According to Bloomberg, the hackers first started gaining access in January, when Coinbase noticed suspicious behavior from some of its customer support workers.
These workers were paid off by attackers to hand over private customer information. The stolen data included names, birthdays, nationalities, addresses, ID numbers, bank info, account creation dates, and wallet balances.
A person who spoke to Bloomberg reportedly said the attackers had on-demand access to this data for around five months. The hackers even demanded $20 million in ransom, threatening to release the data if Coinbase didn’t pay. The stolen information could have been used to impersonate Coinbase in phishing attacks or even impersonate users to gain access to their other financial accounts.
SEC investigation adds pressure
Coinbase’s Chief Security Officer Philip Martin pushed back on the claim that the attackers had constant access. Philip said the company removed access from the agents as soon as it discovered what was happening. “They did not have persistent access over the course of the entire period,” he told Bloomberg.
The company also disclosed on Thursday that it’s still being investigated by the U.S. Securities and Exchange Commission. The SEC is looking into one of Coinbase’s older user metrics that the firm stopped reporting more than two years ago.
Coinbase’s Chief Legal Officer Paul Grewal called it a leftover issue from a past administration. “This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public,” Paul said in a statement. He also said Coinbase is continuing to work with the SEC to close the case.
The metric in question was the “verified users” count, which may have made it look like Coinbase had more unique customers than it actually did. Paul said they’ve switched to a clearer number — monthly transacting users, which gives a more accurate picture of who’s actually using the platform.
The SEC didn’t make any public comment on the case.