Coinbase Europe Fined $24.7M by Irish Regulator Over Transaction Monitoring Failures

Coinbase Europe Limited, the European arm of the U.S. cryptocurrency exchange, has agreed to pay a €21.5 million ($24.7 million) penalty to the Central Bank of Ireland for serious lapses in anti-money-laundering compliance. 

The fine follows a multi-year investigation that found significant flaws in the company’s transaction-monitoring systems between 2021 and 2025, issues that left tens of millions of crypto transfers outside proper oversight.

The Central Bank said Coinbase Europe failed to detect and report suspicious activity across a large portion of its operations. Regulators concluded that the technical errors had exposed the platform to potential financial-crime risks linked to the rapid and anonymous nature of blockchain transactions.

Coding Errors Led to Gaps in Surveillance

In a Thursday blog post, Coinbase said it discovered that three coding errors in its internal compliance software had prevented several monitoring “scenarios” from screening certain crypto addresses. The problem arose when the system encountered special characters that separated wallet addresses, effectively causing parts of the automated review process to fail.

The malfunction meant that between April 2021 and March 2025, more than 30 million transactions, worth over €176 billion ($202 billion), were not fully examined. That figure represented about 31 percent of all transactions handled by Coinbase Europe during the period.

Coinbase said it identified the fault through internal testing, corrected the code within weeks, and then re-screened all impacted activity. The process took almost three years because of the vast data volume. After the full review, the company filed 2,708 suspicious-transaction reports covering about $15 million in flows. The firm emphasized that those reports were filed under legal obligation and did not confirm illicit conduct.

Regulators, however, viewed the lapse as a major breach of Ireland’s Anti-Money-Laundering and Counter-Terrorist-Financing (AML/CFT) standards. They determined that Coinbase Europe had “failed to properly monitor a significant portion of customer transactions,” delaying mandatory notifications to both the national Financial Intelligence Unit and the Revenue Commissioners.

Colm Kincaid, Director of Consumer Protection at the Central Bank, underlined why crypto platforms face heightened scrutiny. “Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds,” he said. “This is why it is especially important that firms engaged in crypto services have robust controls in place to identify and report suspicious transactions.”

Regulatory Action and Coinbase’s Response

The Central Bank calculated its sanction using Coinbase’s average Irish revenue, about $480 million between 2021 and 2024, and said the penalty ranks as the fourth-largest ever issued by the regulator. It is also the first enforcement action of this scale against a crypto company in Ireland.

The regulator described the faults as “configuration weaknesses” in Coinbase’s surveillance systems, which reduced its ability to detect and escalate potentially high-risk flows. Inspectors found shortcomings in alert generation, case management, and record-keeping. Tests suggested that some alerts failed to trigger properly, preventing compliance analysts from assessing suspicious activity in real time.

In response, Coinbase Europe said it has taken “comprehensive corrective steps” to improve its Transaction Monitoring System. The firm introduced stricter pre-deployment reviews, expanded testing of its surveillance scenarios, and built ongoing quality-assurance checks to ensure future issues are caught early.

“Coinbase recognizes the importance of effective AML procedures and takes our obligations under AML legislation and regulatory guidance very seriously,” the company said in a statement. It added that its compliance teams had increased staffing, upgraded internal reporting dashboards, and invested in independent validation of alert logic.

The Central Bank’s decision has wide implications for the industry. Supervisors signaled that follow-up inspections will focus on governance, escalation routes, and documentation. Firms will be expected to align alert thresholds with actual transaction volumes and to produce complete audit trails. The regulator said the fine serves both a corrective and deterrent purpose, urging other crypto service providers to invest in stronger monitoring infrastructure.

Coinbase’s European operation, headquartered in Dublin since 2018, obtained an Irish e-money license in 2019, one of only a few crypto companies to do so at the time. The firm later chose Ireland as its European crypto hub in 2023, positioning itself for the upcoming Markets in Crypto-Assets (MiCA) framework that allows passported services across the European Union.

Broader Policy Dispute Over Stablecoin Oversight

While addressing its compliance challenges in Europe, Coinbase has also entered a new policy battle in the United States. This week, the company sent a formal letter to the U.S. Treasury Department urging clear limits on how regulators interpret the recently enacted GENIUS Act, the country’s first comprehensive stablecoin law passed in July 2025.

Coinbase argued that the statute was designed to govern issuers of payment stablecoins, not the wider crypto ecosystem. The exchange warned that expanding the law’s reach to include software developers, validators, and open-source protocols could “unintentionally stifle innovation” and discourage domestic blockchain development.

“The Treasury should follow congressional intent, not expand it,” the letter stated, calling for balanced oversight that protects consumers without over-regulating technology creators. Coinbase insisted that non-financial software builders and blockchain validators must remain outside the scope of financial-supervision rules.

The company also addressed one of the most debated aspects of the GENIUS Act – the ban on interest-bearing stablecoins. Coinbase maintained that the restriction applies strictly to issuers, not to exchanges or platforms offering yield or reward programs based on user balances. 

If accepted, this interpretation would allow platforms like Coinbase to continue offering yield incentives on stablecoin holdings, even though issuers themselves cannot pay interest directly.

That position clashes with major banking associations, which have pressed Treasury to prohibit all forms of stablecoin interest, arguing that any exemptions would create “regulatory loopholes.” Traditional financial groups say a broad ban is necessary to prevent unfair competition and potential consumer confusion about deposit-like products offered by crypto firms.

The debate underscores growing tension between crypto companies and traditional banks over how far stablecoin regulation should reach, and who it should govern. Treasury officials are expected to release a proposed rule-making in the coming months, setting up another round of consultations between industry participants and financial authorities.

For Coinbase, the €21.5 million fine marks a significant compliance reckoning at a time when regulators across the globe are tightening their oversight of digital-asset markets. The Irish case, while rooted in technical mistakes, highlights the risks faced by exchanges operating at large scale across multiple jurisdictions.

The enforcement action also arrives as Coinbase’s U.S.-listed shares continue to trade actively. On Thursday, COIN closed at $319.30, up 3.9 percent, before dipping slightly in pre-market trading to $318.01 amid modest profit-taking.

Analysts say the firm’s European strategy, anchored in Dublin, remains central to its global operations. But the penalty may prompt a renewed focus on compliance technology, staff training, and regulator engagement. For its part, the Central Bank of Ireland has made clear that crypto companies will be held to the same standards as traditional financial institutions.

As Kincaid put it, the aim is simple: to ensure that firms offering digital-asset services “have robust controls in place” to keep criminal funds out of the system. Whether this latest case sets a precedent for the wider European crypto industry remains to be seen, but it has already sent a strong signal about the direction of regulatory enforcement in the years ahead.