Central Bank of Ireland hits crypto exchange with $24 million penalty after coding errors left over 30 million transactions worth €176 billion improperly screened for money laundering between 2021 and 2022.
Coinbase Europe has been fined €21.5 million (approximately $24 million) by Ireland's Central Bank for significant failures in its anti-money laundering compliance program, marking the regulator's first enforcement action against a cryptocurrency company and one of the largest penalties ever imposed by the Irish financial watchdog.
The Central Bank of Ireland announced Thursday that Coinbase Europe Limited breached its transaction monitoring obligations between April 2021 and March 2025, failing to properly monitor over 30 million transactions valued at more than €176 billion - representing approximately 31% of all the company's European transactions during a critical 12-month period.
Three Coding Errors Created Massive Compliance Gap
In a statement, Coinbase acknowledged that the failures stemmed from three inadvertent coding errors in its Transaction Monitoring System (TMS) that caused five of 21 monitoring scenarios to malfunction. The technical glitches meant that certain cryptocurrency addresses - particularly those separated by special characters - were systematically overlooked by the exchange's compliance surveillance.
"In building this TMS system, Coinbase inadvertently made three coding errors that caused five of the 21 TMS scenarios to not fully screen all transactions in 2021 and 2022," the company explained. "For example, crypto addresses separated by special characters were overlooked by these scenarios."
The coding flaws did not affect the other 16 monitoring scenarios or Coinbase's complementary compliance controls, the company emphasized. However, the five compromised scenarios created a significant blind spot in the exchange's ability to detect potentially illicit activity during a period of rapid growth.
Coinbase said it discovered the errors through its own internal testing and fixed them within two to three weeks of detection by the end of April 2022. However, completing the retrospective review of all affected transactions took nearly three years, with the final transactions processed in March 2025.
Thousands of Suspicious Transactions Flagged After Review
After reprocessing the approximately 97 million cryptocurrency transactions that occurred during the relevant period through the corrected monitoring system, Coinbase Europe identified roughly 185,000 transactions requiring further compliance investigation. Of these, around 2,700 ultimately triggered Suspicious Transaction Reports (STRs) filed with Ireland's Financial Intelligence Unit.
The Irish Times reported that these suspicious transaction reports contained concerns associated with serious criminal activities including money laundering, fraud or scams, drug trafficking, cyberattacks, and child sexual exploitation. The total value of the flagged transactions amounted to approximately €13 million.
However, both the Central Bank of Ireland and Coinbase stressed that filing a suspicious transaction report does not necessarily indicate that criminal activity occurred. Such reports are mandated by law whenever there is a reasonable basis for concern, serving as alerts for law enforcement to investigate further.
Regulator Warns of Crypto's Appeal to Criminals
Colm Kincaid, the Central Bank's Deputy Governor for Consumer and Investor Protection, emphasized the critical importance of robust transaction monitoring systems in combating financial crime.
"To be effective in combatting financial crime, law enforcement agencies rely on regulated financial institutions to have systems in place to monitor transactions and report suspicions," Kincaid stated. "The failure of such a system within any financial institution creates an opportunity for criminals to evade detection - and criminals will take that opportunity."
Kincaid specifically highlighted cryptocurrency's particular vulnerabilities: "Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds."
The settlement included a 30% discount from the original penalty of approximately €30.7 million, granted in recognition of Coinbase Europe's cooperation with the investigation and admission of the contraventions. The fine is based on Coinbase Europe's average annual revenue of €417 million for the relevant period.
Pattern of Compliance Failures
This is not the first time Coinbase has faced significant regulatory penalties for compliance shortcomings. In January 2023, the New York State Department of Financial Services fined Coinbase $50 million and required an additional $50 million investment in its compliance program after finding "wide-ranging and long-standing failures" in the company's anti-money laundering program.
The Irish Times noted that the issues underlying the Irish case stemmed from transaction monitoring problems at Coinbase Inc in the United States, which were the subject of the New York investigation. Coinbase Europe had outsourced significant aspects of its transaction monitoring to its U.S. parent company.
"Coinbase Europe said that it was unaware of the issues because its systems and controls at the time were ineffective to oversee its US sister's work," Silicon Republic reported.
Enhanced Compliance Measures Implemented
In response to the failures, Coinbase said it has implemented substantial enhancements to prevent similar issues from recurring. The company strengthened testing protocols for its Transaction Monitoring System, including mandatory pre-implementation reviews for any code changes.
"Coinbase has continued to invest in TMS, building new scenarios to detect evolving high risk activity," the company stated. "We have enhanced testing and monitoring of TMS scenarios, including before any code changes are made to the system, to prevent inadvertent errors."
The exchange also emphasized its commitment to regulatory compliance: "Coinbase recognizes the importance of effective AML procedures and takes our obligations under AML legislation and regulatory guidance very seriously. Our goal has always been and will always be to build the most trusted, compliant, and secure platform in the world."
Coinbase's European Restructuring
The fine comes months after Coinbase executed a significant strategic shift in its European operations. In June 2025, Coinbase secured a Markets in Crypto Assets (MiCA) license from Luxembourg, allowing it to offer services across all 27 European Union member states under unified regulation.
More significantly, the company relocated its primary European headquarters from Ireland to Luxembourg, reversing an earlier 2023 decision to make Ireland its central EU hub. While Coinbase emphasized that the move was driven by Luxembourg's "pro-business climate and thoughtful approach to regulation," some reports suggested the company had experienced friction with the Central Bank of Ireland.
Tom Duff Gordon, Coinbase's Vice President of International Policy, indicated in a recent interview that there wasn't one particular reason for leaving Ireland, pointing to Luxembourg's mature legal framework for areas like tokenization. However, he noted: "At the top of the bank, let's just say that historically they have not necessarily seen the kind of value of this industry."
Despite the headquarters move, Coinbase maintains operations in Ireland, employing more than 100 people in Dublin with plans to add approximately 50 additional roles in 2025.
Broader Industry Implications
The enforcement action signals regulators' increasing scrutiny of cryptocurrency compliance as digital assets move toward mainstream adoption. As a registered Virtual Asset Service Provider (VASP) in Ireland, Coinbase Europe was required to monitor customer transactions continuously and file suspicious transaction reports whenever money laundering or terrorist financing was suspected.
France24 noted that the crypto industry has long sought to shed its image as a tool favored by scammers and criminals, hoping to position itself as a reliable alternative to traditional financial systems. However, regulators remain concerned about the sector's vulnerability to illicit activity.
The Central Bank of Ireland's action also reflects broader international efforts to bring cryptocurrency firms under the same anti-money laundering standards that apply to traditional financial institutions. Europe's MiCA framework, which began phasing in from mid-2025, aims to create harmonized consumer protections and compliance standards across the European Union.
Other major exchanges including OKX, Crypto.com, and Bybit have also secured MiCA licenses, indicating a shift toward regulated, compliant crypto services in Europe. As the industry matures, exchanges face pressure to demonstrate they can operate with the same rigor expected of banks and other financial institutions.
What Comes Next
The fine must still be confirmed by Ireland's High Court before payment is finalized. Coinbase Europe has admitted to the prescribed contraventions and agreed to the undisputed facts outlined in the settlement notice.
For Coinbase, the penalty represents another costly lesson in the importance of robust compliance infrastructure - particularly as the company seeks to establish itself as a trusted, regulated player in traditional and crypto finance. The exchange's recent strategic moves, including its Luxembourg headquarters and expanding regulatory licenses globally, suggest it is prioritizing compliance and regulatory relationships as key competitive advantages.
However, the nearly three-year gap between fixing the technical errors and completing the transaction review raises questions about resource allocation and the challenges of retrospective compliance work at scale. As crypto exchanges handle billions in daily volume, the ability to quickly identify and remediate compliance failures becomes increasingly critical.
The Central Bank of Ireland's enforcement action sends a clear message to the broader crypto industry: technical complexity is not an excuse for compliance failures, and regulators will hold cryptocurrency firms to the same anti-money laundering standards that apply throughout the financial sector.