On May 13, S&P Dow Jones Indices announced that Coinbase will officially replace Discover Financial Services in the S&P 500 index on May 19. Although companies like Block and MicroStrategy with strong Bitcoin connections were already in the S&P 500, Coinbase is the first cryptocurrency exchange to join the index, signaling that cryptocurrency is gradually moving from the margins to the mainstream in the United States. On the day of the announcement, Coinbase's stock surged 23%, breaking the $250 mark. Just three days later, Coinbase faced two major issues: a hacker bribing employees to steal customer data and demand a $20 million ransom, and an SEC investigation into the authenticity of its claim of over 100 million "verified users" during its 2021 IPO. These events have caused Coinbase's stock to drop over 7.3% at the time of writing. Interestingly, Discover Financial Services, which Coinbase is replacing, can be considered the "Coinbase" of the previous payment era. Discover is a digital bank and payment services company based in Illinois, founded in 1960. Its Discover Network is the fourth-largest payment network after Visa, Mastercard, and American Express. After Capital One was approved to acquire Discover in April, this 60-year-old digital banking company passed its S&P 500 "seat" to this emerging cryptocurrency "bank". This coincidental handover creates a sense of transition between old and new eras, while also bringing Coinbase's accumulated challenges to a critical point. [The translation continues in this manner, maintaining the original structure and meaning while translating all text outside of XML tags.]

At the same time, more and more securities firms are trying the same path, with Futu Securities and Tiger Securities also testing crypto trading, with some having applied for or obtained VA licenses from the Hong Kong SFC. Although the current user base is small, traditional brokers have natural advantages in user trust, compliance licenses, and low fee structures, which could become the next threat to native crypto platforms.

User Information Stolen, Is Coinbase Still Safe?

In April 2025, a security researcher discovered that some Coinbase user data was leaked on the Dark Web. Although the platform immediately responded that it was a "technical misunderstanding," it still raised user concerns about its security and privacy protection. Just two days before the Dow Jones Index company announced Coinbase's inclusion in the S&P 500 index, on May 11, 2025, Coinbase received an email from an unknown threat actor claiming to have customer account information and internal documents, demanding a $20 million ransom to not disclose the data. Coinbase subsequently confirmed the data leak during its investigation.

Cybercriminals obtained data by bribing overseas customer service agents and support personnel "mainly in non-US regions like India." These agents abused their access to Coinbase's internal customer support system to steal customer data. As early as February this year, blockchain detective ZachXBT had disclosed on the X platform that Coinbase users lost over $65 million due to social engineering scams between December 2024 and January 2025, with the actual amount potentially being higher.

Among them were some notable individuals, such as 67-year-old Ed Suman, a well-known artist who has been in the art world for nearly two decades and participated in works like Jeff Koons' "Balloon Dog" sculpture. In early this year, he fell victim to a fake Coinbase customer support scam, losing over $2 million in cryptocurrency. ZachXBT criticized Coinbase for not properly handling such scams, pointing out that other major trading platforms do not have similar issues, and suggested that Coinbase strengthen its security measures.

The continuous social engineering incidents, while currently not technically affecting user assets, have caused concern among many retail and institutional investors. Especially for institutions with large asset holdings on Coinbase. Calculating only the US BTC ETF institutions, as of mid-May 2025, they have a total holding of nearly 840,000 BTC, with 75% custodied by Coinbase. At a BTC price of $100,000, this amounts to an astonishing $63 billion, equivalent to the total nominal GDP of two Iceland in 2024.

Additionally, Coinbase Custody serves over 300 institutional clients, including hedge funds, family offices, pension funds, and endowment funds. As of the Q1 2025 financial report, Coinbase manages total assets (including institutional and retail customers) of $404 billion, with the specific amount of institutional custody assets not clearly disclosed in the latest report, but according to the Q4 2024 report, it should still exceed 50%.

Once this security barrier is broken, not only could user loss speed far exceed expectations, but more importantly, institutional trust would destroy the foundation of its enterprise. Therefore, after the hacking incident, Coinbase's stock price plummeted.

CEXs Are Trying to Save Themselves

Facing declining spot transaction fee income, Coinbase is also accelerating its transformation, trying to find growth space in derivatives and emerging assets. Coinbase acquired part of the shares of the options platform Deribit at the end of 2024 and announced the official launch of perpetual contract products in 2025. Its acquisition fills Coinbase's weaknesses in options trading and global market share.

Deribit has a strong influence in non-US markets (especially in Asia and Europe), and the acquisition gives Coinbase its dominant position in Bitcoin and Ethereum options trading "accounting for about 80% of global options trading volume, with daily trading volume maintained above $2 billion".

Meanwhile, 80-90% of Deribit's customer base are institutional investors. Its professionalism and liquidity in Bitcoin and Ethereum options markets are highly favored by institutions. Coinbase's compliance advantages and already well-established institutional ecosystem make it more suitable. By entering through institutions, it can face the squeeze from giants like Binance and OKX in the derivatives market.

Kraken, facing similar challenges, is trying to replicate Binance Futures' model in non-US markets. Since the derivatives market relies more on professional users, with relatively higher and stickier fee rates, it is an important profit source for exchanges. In the first half of 2025, Kraken completed the acquisition of TradeStation Crypto and a futures exchange, intending to build a complete derivatives trading ecosystem to hedge against the risk of declining spot transaction fees.

With the rise of Memecoins in 2024, Binance, OKX, and other CEX platforms began massively listing tokens with smaller market caps and high volatility to activate active trading users. Due to the wealth effects and trading activity of Memecoins, Coinbase was forced to join the battle, successively listing popular Solana ecosystem tokens such as BOOK OF MEME and Dogwifhat. Although these coins are controversial, they trade frequently and have fee rates several times higher than mainstream tokens, serving as a "blood replenishment method" for spot trading.

However, as a listed company, this approach is riskier for Coinbase. Even in the current crypto-friendly environment, the SEC is still investigating whether tokens like SOL, ADA, and SAND are securities.

Besides the aforementioned forced transformation strategies by CEXs, they are also starting to layout RWA and the most discussed areas like stablecoin payments. For example, Coinbase and Paypal's PYUSD, Coinbase supporting Circle's Euro stablecoin EURC that complies with EU MiCA regulations, or Binance's USD1 collaboration with WIFL. In the increasingly crowded trading market, many CEXs have shifted their focus from pure trading markets to application domains.

The golden age of transaction fees has quietly ended, and the second half of crypto trading platforms has already begun.

Welcome to join BlockBeats official community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Twitter Official Account: https://twitter.com/BlockBeatsAsia