Coinbase sent erroneous account security notifications to 125,000 customers

Thiago Prudencio | LightRocket | Getty Images

Coinbase, the largest cryptocurrency exchange in the U.S., acknowledged that it erroneously told about 125,000 customers that their security settings had changed.

The company, which is publicly traded on the Nasdaq, told CNBC on Monday that it was the result of an internal error.

Coinbase has spent “most of the weekend working with customers to make sure we can address their questions,” company spokesperson Andrew Schmitt told CNBC. “We believe the only way to build trust with our customers is to be transparent when we mess up.”

The incident comes in the wake of a CNBC story a week ago that detailed widespread complaints from Coinbase customers whose accounts were hacked and then could not reach anyone from the company to help. Coinbase said then it was improving its customer service by rolling out voice support this month for customers whose accounts had been taken over by a third party, and live chat later this year.

The company sent the security-settings email to customers at 1:45 p.m. PT Friday. It said: “Your 2-step verification settings have been changed.” This prompted confusion and alarm among investors who thought their account had been hacked.

Coinbase then sent a second email that the notification was “sent in error.” The company said in a tweet it “experienced a notification delivery issue that sent SMS text messages and email notifications alerting customers that their account 2FA settings were changed.” 

“Our team immediately began work to identify the issue and stop these erroneous notifications. We were able to stop these erroneous notifications by 3:07pm PST. However, we recognize that this caused confusion for some,” the tweet said.

The company said “we will continue to work to gain back the trust of every one of our customers who was impacted by those notifications.”

The issue was the result of an internal error and not a hack, said Schmitt, the company spokesperson. “All of a sudden, the system just started sending stuff like a bug in the system, but it was not a malicious or third party error.”

Don Pirtle, a 53-year-old retired police officer, told CNBC that he was alarmed when he got the company’s email on Friday that his two-factor authentication had been changed. He said he was afraid that a hacker was trying to take over his Coinbase account.

“I was scared to death. I contacted my daughter and her boyfriend. I asked them, ‘Should I sell my crypto?'” Pirtle said. “I thought, ‘I have to sell this before I lose the money.”‘

That day, he said he sold $60,298 in crypto – an investment he was making for his grandson. He now questions whether it’s a safe investment.

Coinbase, which went public in April, has more than 68 million users, more than 2,100 full-time employees, and $223 million in held assets, according to the company.