A sharp sell-off in Coinbase (COIN) stock may be an overreaction to two pieces of bad news that hit on the same day, according to analysts at Barclays and Oppenheimer.
Shares of the crypto exchange dropped 7.2% on Thursday after it disclosed a social engineering-driven data breach and later reports revealed a long-running Securities and Exchange Commission (SEC) investigation into whether the company overstated user numbers in its 2021 initial public offering (IPO) filing. The stock’s intraday dip reached nearly 9% before recovering slightly.
Read more: Coinbase Could Pay Customers Up to $400M for Data Breach
Barclays said the market is likely pricing in too much risk, calling the reaction “somewhat overblown.” The firm emphasized that the cyberattack stemmed from bribed customer support agents rather than a failure in blockchain security.
According to Coinbase’s blog post, a group of overseas agents were paid off to leak customer data, including names, addresses and masked social security numbers, which scammers then used to convince users to send crypto assets.
Coinbase refused to pay a $20 million ransom demanded by the hackers. Instead, it has pledged to reimburse affected customers and is working with law enforcement. Less than 1% of transacting users were affected, and no passwords, private keys or customer funds were accessed directly.
Read more: SEC Is Probing Coinbase Over User Number Misstatement Concern
Oppenheimer echoed Barclays’ view, writing that while the breach damages the company’s reputation, it appears to be isolated and not indicative of broader systemic risk. Coinbase estimates it will spend between $180 million and $400 million to cover customer losses, legal expenses and a new bounty program aimed at catching the perpetrators.
As for the SEC probe, it concerns the 100 million “verified users” figure in Coinbase’s S-1 filing during its 2021 IPO. Coinbase stopped reporting this metric over two years ago, and analysts believe the investigation has been underway since the Biden administration.
Paul Grewal, Coinbase’s chief legal officer, said the probe should not be prolonged, and that it doesn’t relate to the company’s current performance.
The double dose of bad news comes just days after Coinbase stock surged on news it would be added to the S&P 500, which may have made the shares vulnerable to a pullback.
In a note to clients, Barclays pointed out that investors may be reacting not just to the news itself, but to the rapid rise in the stock in recent days. Oppenheimer called the current weakness in share price “a buying opportunity” and reaffirmed its outperform rating.
If anything, the episode underscores the thin line crypto firms walk between technological robustness and human vulnerability. And while the fallout may prove manageable, Coinbase’s response — and the market’s memory — will shape how long the shadow of this breach lasts.
Mark Palmer, analyst at Benchmark, also downplayed the long-term significance of the breach, characterizing it as a targeted, one-off incident rather than evidence of deeper security flaws. He pointed out that the attackers gained access through bribed customer support contractors rather than through Coinbase’s core systems, which remained intact. No passwords, private keys or customer funds were compromised.
Palmer also dismissed the SEC’s investigation into Coinbase’s past user metrics as “little more than noise,” noting it relates to a metric the company stopped reporting over two years ago.
Despite the headline risk, he reaffirmed his bullish outlook, raising his price target on Coinbase to $301 from $252 and emphasizing the company’s potential to benefit from growing institutional adoption as regulatory clarity improves.
Disclaimer: Parts of this article were generated with the assistance from AI tools and reviewed by our editorial team to ensure accuracy and adherence to our standards. For more information, see CoinDesk’s full AI Policy.