Later in January, the company launched a U.S.-based bitcoin exchange for professional traders called Coinbase Exchange. In January and then March 2017, Coinbase obtained BitLicense and was licensed to trade in Ethereum and Litecoin from the New York State Department of Financial Services (DFS). In May 2016, Coinbase rebranded the Coinbase Exchange, changing the name to Global Digital Asset Exchange (GDAX). In July, they added retail support for Ether. In September, Coinbase began to offer services in Canada and Singapore. Also, in July, they announced they would halt services in August after the closure of Canadian online payments service provider Vogogo.

Crypto Trading Guide

In January 2019, Coinbase stopped all trading on Ethereum Classic due to a suspicion of an attack on the network. Neutrino founders’ connection to the HackingTeam, which has been accused of providing internet surveillance technology to governments with poor human rights records. Coinbase’s security team detected and blocked the attack, the network was not compromised, and no cryptocurrency was stolen. In February, Coinbase announced that it had acquired “blockchain intelligence platform” Neutrino, an Italy-based startup, for an undisclosed price. This reported attack used spear-phishing and social engineering tactics (including sending fake e-mails from compromised email accounts and creating a landing page at the University of Cambridge) and two Firefox browser zero-day vulnerabilities. In August, Coinbase announced that it was targeted by a hacking attack attempt in mid-June.

The supported cryptocurrencies included bitcoin, ether, Dogecoin and others present on the crypto exchange. Coinbase said it received an email from an unknown threat actor on 11 May, claiming access to sensitive customer details and internal company documents. In May 2025, Coinbase disclosed that they had been targeted by a significant cyber attack that could cost the company between $180m (£135m) and $400m (£300m), after hackers breached account data belonging to a “small subset” of its users.

The company confirmed that the attackers accessed names, addresses, and emails, but did not obtain login credentials and passwords. On 22 March 2023, Coinbase received a Wells notice from the U.S. Securities and Exchange Commission (SEC) signalling that the SEC intended to begin an enforcement action over Coinbase’s staking products. The next month, Coinbase sued the SEC asking a federal court to force the regulator to respond to a rulemaking petition the company submitted last year asking it to make clear regulations pertaining cryptocurrencies. Coinbase responded by calling the investigation “cursory”, and stated that it would continue to operate as usual. The SEC also alleged that Coinbase never registered its staking service as required by U.S.