SEC's Crypto Enforcement Era Wiped Out by IT Blunder

The U.S. Securities and Exchange Commission (SEC) is facing mounting scrutiny over the loss of critical records tied to crypto enforcement actions under the tenure of former Chairman Gary Gensler. A recent Office of Inspector General (OIG) report revealed that the SEC’s Office of Information Technology (OIT) executed a “poorly understood and automated policy” in August 2023, resulting in the deletion of Gensler’s government-issued mobile device data. This “enterprise wipe” led to the permanent loss of text messages and system logs spanning from October 18, 2022, to September 6, 2023.

The report highlights a series of “avoidable” IT failures, including the absence of backups and inadequate procedures for handling records of senior officials. Nearly a year had passed without any backup of Gensler’s device, and when OIT conducted a “hastily performed factory reset,” it erased essential communications. Approximately 38% of the recovered messages were deemed mission-related and included discussions involving senior SEC staff and commissioners. One of the recovered messages pertained to a May 2023 conversation between Gensler, his staff, and the Enforcement Division’s director regarding potential enforcement actions against crypto platforms.

The incident has drawn sharp criticism from the crypto industry, particularly as the affected period coincided with significant regulatory developments. These included the FTX collapse, the Grayscale spot BitcoinBTC-- ETF lawsuit, and the SEC’s aggressive enforcement actions under “Operation Chokepoint 2.0.” The timing also overlapped with the release of the Staff Accounting Bulletin No. 121 (SAB 121), which tightened reporting requirements for crypto assets, and broader anti-crypto policies from other regulators.

Paul Grewal, Chief Legal Officer of CoinbaseCOIN--, expressed frustration over what he described as a “destruction of evidence” relevant to ongoing litigation. In a public statement, he criticized the prior leadership for their “hypocrisy” following repeated emphasis on data preservation and transparency. Grewal emphasized that the deletion was not a simple “oops” but a deliberate failure to retain records, which could hinder the SEC’s ability to respond to Freedom of Information Act (FOIA) requests.

Coinbase had previously filed a FOIA request in March 2025, seeking detailed records on the SEC’s crypto enforcement spending, staffing, and internal operations, including the now-infamous “Crypto Assets and Cyber Unit”. The loss of Gensler’s texts may complicate the agency’s ability to provide full responses to such inquiries. The OIG report underscores the need for improved IT protocols and record-keeping practices to prevent similar lapses in the future.