Watch Carol and Tim LIVE every day on YouTube: http://bit.ly/3vTiACF.

Coinbase Global Inc. is cooperating with the US Securities and Exchange Commission on an agency probe into its previously reported user metrics, the company said Thursday.

“This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public,” Paul Grewal, Coinbase’s chief legal officer, said in a statement. “While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.”

Grewal noted that Coinbase’s “verified users metric” might have overstated the number of unique customers and that the company continues to disclose “the more relevant metric of ‘monthly transacting users’” on the platform. The SEC declined to comment.

Meanwhile, it turns out that hackers had near-constant access to some of Coinbase’s most valuable customer data since January, according to a person familiar with the incident who asked not to be named discussing company matters. 

The largest US crypto exchange disclosed earlier on Thursday that hackers bribed customer representatives to steal the data and then demanded a $20 million ransom to delete it. Coinbase began noticing unusual activity from some of these representatives in January, the company confirmed in an interview with Bloomberg News. 

The hackers bribed customer service representatives to get access to names, dates of birth, addresses, nationalities, government-issued ID numbers, some banking details and details about when customer’s accounts were created and their balance, the person familiar with the situation said. This information could be used to attempt to impersonate Coinbase and convince customers to let the hackers into their account. It could also be used to impersonate the victims with other service providers to attempt to convince them to let hackers into other financial accounts they might own.

The threat actors had bribed enough customer service representatives to achieve effectively on-demand access to Coinbase customer information in the past five months, the person said. In an interview with Bloomberg News, Chief Security Officer Philip Martin disputed the near constant access assertion, saying Coinbase pulled the agents’ access as soon as it was discovered they were improperly sharing information. Therefore the hackers “did not have persistent access over the course of the entire period,” he said.

Today's show features:

• stacy-marie ishmael, Bloomberg News Executive Editor for Crypto and payments
• Dana Telsey, CEO and Chief Research Officer of Telsey Advisory Group
• Bloomberg News National Security Reporter Jamie Tarabay
• Tim Herbert, Chairman, President and CEO of Inspire Medical Systems

See omnystudio.com/listener for privacy information.