Coinbase Europe has been fined €21.5 million by the Central Bank of Ireland after coding errors caused major lapses in its transaction monitoring system, leaving over €176 billion in crypto activity unreviewed for a year.
Key Takeaways
- Coinbase Europe was fined €21.5 million for failing to properly monitor transactions in 2021 and 2022 due to coding errors.
- Over 30 million transactions valued at €176 billion went unmonitored, leading to late filings of 2,708 suspicious transaction reports (STRs).
- The errors stemmed from faulty configuration in five out of 21 transaction monitoring scenarios.
- Coinbase has since corrected the issue and enhanced its compliance systems to prevent similar failures.
What Happened?
The Central Bank of Ireland has fined Coinbase Europe Limited after discovering that coding errors in its transaction monitoring system caused a significant breach of anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. These issues led to a delay in identifying and reporting suspicious crypto activity, prompting a formal settlement between Coinbase Europe and the Irish regulator.
BREAKING: 🇮🇪 The Central Bank of Ireland fined Coinbase $24.6M for AML and transaction monitoring failures. pic.twitter.com/PSVid61rJg
— Conor Kenny (@conorfkenny) November 6, 2025
€176 Billion in Transactions Left Unchecked
Between April 2021 and March 2022, Coinbase Europe failed to properly monitor over 30 million crypto transactions. These transactions, worth a staggering €176 billion, represented around 31 percent of the company’s activity during that time. The Central Bank said the oversight was due to coding faults in Coinbase’s Transaction Monitoring System (TMS), which is responsible for detecting potentially suspicious patterns in customer activity.
Key findings include:
- Three coding errors affected five out of 21 transaction monitoring scenarios.
- These affected scenarios failed to detect certain transactions, such as those involving crypto addresses separated by special characters.
- The errors remained undetected for 12 months and took nearly three years to fully resolve, according to the regulator.
2,708 Suspicious Reports Filed Late
Once Coinbase Europe identified the issue during routine compliance testing, the company:
- Fixed the coding errors within two to three weeks.
- Reviewed approximately 185,000 previously unmonitored transactions.
- Ultimately filed 2,708 Suspicious Transaction Reports (STRs) with Irish authorities, covering transactions valued at €13 million.
The Central Bank emphasized that these reports included transactions suspected to be linked to money laundering, fraud, drug trafficking, cyberattacks, and child sexual exploitation. However, the settlement does not claim that these transactions definitively involved criminal activity.
Fine Reduced Following Settlement
The initial penalty was set at €30.7 million, but was reduced to €21.5 million under a 30 percent settlement discount scheme. The fine was calculated based on Coinbase Europe’s average annual revenue of €417 million over the relevant period. Coinbase accepted the reprimand and the fine, which now awaits confirmation from Ireland’s High Court.
Coinbase Responds with Compliance Upgrades
In response to the findings, Coinbase has implemented several improvements:
- Enhanced testing and monitoring of all TMS scenarios.
- Increased oversight of technical systems.
- Expanded investment into new scenarios to catch evolving high-risk activities.
The company reiterated its commitment to building a trusted and secure platform, stating:
“Our goal has always been and will always be to build the most trusted, compliant, and secure platform in the world.”
CoinLaw’s Takeaway
In my experience, this kind of fine sends a clear message across the crypto industry. You can have cutting-edge tech, but if your compliance tools aren’t bulletproof, regulators will act. It’s especially alarming that such a large volume of transactions went unchecked for so long. Coinbase did the right thing by fixing the issues quickly and cooperating with the authorities, but the damage to trust is real. If you’re operating in this space, you can’t afford to treat compliance like an afterthought.
