The Central Bank of Ireland has fined Coinbase Europe Limited €21,464,734 for breaching anti-money laundering (AML) and counter-terrorist financing (CFT) transaction-monitoring obligations between April 2021 and March 2025, in what is the regulator’s first enforcement action in the crypto sector.
The regulator said that Coinbase Europe, which operates from Dublin as part of the Coinbase Group, failed to properly monitor more than 30 million customer transactions over a twelve-month period because of faults in its transaction-monitoring system. These unmonitored transactions, worth more than €176bn, represented about 31% of all Coinbase Europe activity during the affected period.
Coinbase cites coding errors in monitoring system
In a statement on Thursday 6 November 2025, Coinbase Europe said the failings arose from “technical coding errors” in five of the twenty-one monitoring scenarios built into its Transaction Monitoring System. The company said these errors affected transactions in 2021 and 2022 but were “identified and quickly fixed” within two to three weeks after discovery.
Coinbase said that during this period, it processed about 97 million crypto transactions, of which approximately 185,000 were later re-reviewed once the system was corrected. Following the retrospective review, the company filed roughly 2,700 Suspicious Transaction Reports (STRs) with the Irish authorities, covering transactions valued at €13m.
The exchange said the fine was based on its average annual revenue of €417m between 2021 and 2024, and that it had “cooperated fully” with the Central Bank of Ireland to reach the settlement. “Coinbase recognises the importance of effective AML procedures and takes our obligations under AML legislation and regulatory guidance very seriously,” the company said.
Delayed monitoring and criminal suspicions
According to the Central Bank, Coinbase took almost three years to complete the monitoring of the affected transactions. Its review led to the submission of 2,708 STRs concerning suspicions related to money laundering, fraud, drug trafficking, cyber-attacks and child sexual exploitation.
The regulator said Coinbase’s breaches included failing to monitor 30,442,437 transactions, to maintain internal controls and procedures to detect financial crime, and to conduct enhanced monitoring on 184,790 transactions.
Colm Kincaid, Deputy Governor for Consumer & Investor Protection, said the case underscored the importance of robust monitoring systems, particularly for crypto firms. “Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, make it especially attractive to criminals looking to move their funds,” he said.
Settlement under new accountability framework
The Central Bank concluded the case under its Administrative Sanctions Procedure (ASP), introduced by the Central Bank (Individual Accountability Framework) Act 2023. Coinbase admitted the contraventions and agreed to the undisputed facts.
The regulator determined that a reprimand and a monetary penalty of €30.66m were warranted. A 30% settlement discount reduced the amount to €21.46m. The sanction remains subject to confirmation by the High Court.
Strengthening controls and Luxembourg operations
Coinbase said it has since improved its compliance systems to avoid similar incidents. It has enhanced testing and oversight of its transaction-monitoring scenarios and introduced new measures to detect evolving high-risk activity. The company added that its Irish subsidiary had strengthened governance of its compliance technology.
Coinbase Europe operates as part of the wider Coinbase Group, which also holds a licence in Luxembourg as a Crypto-Asset Service Provider (CASP) under the oversight of the Luxembourg Financial Sector Supervisory Commission (CSSF).
“Coinbase’s goal has always been and will always be to build the most trusted, compliant, and secure platform in the world,” the company said in its statement.
