Extremely interesting - they seem to be using Coinbase's mail infrastructure. Here are some headers from the mail that I got:
Received: from o1.em.coinbase.com (o1.em.coinbase.com [50.31.37.137])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by xxx (mail service) with ESMTPS id xxxx
for ; Wed, 8 Apr 2015 xx:xx:xx +xxxx (xxx)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=coinbase.com;
h=content-type:mime-version:content-transfer-encoding:from:to:subject;
s=smtpapi; bh=xxxx; b=xxxx
Received: by filterxxx.sendgrid.net with SMTP id filterxxxx
2015-04-08 xx:xx:xx.xxxxxxxx +0000 UTC
Received: from xxxx (unknown [5.101.xx.xx])
by ismtpd-008 (SG) with HTTP id xxxx
for ; Wed, 08 Apr 2015 xx:xx:xx +0000 (UTC)
(xxx'd all identifying information)
Maybe a hacked Coinbase employee mail account?
The original source of the HTTP request is a DigitalOcean IP address, presumably a VPS. I don't know whether the whole run was sent from that IP; if it was, xxxing does not make much sense, of course, as it is not specific to me.
Onkel Paul
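
Added example, not part of the original post: Python code that reads a header block shaped like the one quoted above, orders the Received hops oldest-first, and extracts the submitting address, the submission protocol and the DKIM d=/s=/a= tags. The sample headers are constructed placeholders, and the function names (hops, dkim_tags, summarize) are hypothetical.

```python
import re
from email import message_from_string
# Constructed sample modeled on the redacted headers in the post; hostnames,
# addresses and ids are placeholders (RFC 5737 / .example), not real values.
SAMPLE = """\
Received: from o1.em.example.com (o1.em.example.com [198.51.100.7])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
\tby mx.recipient.example (mail service) with ESMTPS id AAAA
\tfor <user@recipient.example>; Wed, 8 Apr 2015 10:00:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=example.com;
\th=content-type:mime-version:content-transfer-encoding:from:to:subject;
\ts=smtpapi; bh=AAAA; b=BBBB
Received: by filter0001.esp.example with SMTP id filter0001
\t2015-04-08 10:00:01.000000000 +0000 UTC
Received: from client (unknown [203.0.113.45])
\tby ismtpd-008 (SG) with HTTP id CCCC
\tfor <user@recipient.example>; Wed, 08 Apr 2015 10:00:00 +0000 (UTC)
Subject: constructed sample

body
"""

def hops(msg):
    """Received hops oldest-first (each relay prepends its own line on top)."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):
        flat = " ".join(raw.split())  # unfold continuation lines
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        # "with" must follow "by", otherwise "with cipher" in the TLS note matches
        m = re.search(r"\bby (\S+)(?:.*?\bwith (\w+))?", flat)
        out.append({"ip": ip.group(1) if ip else None,
                    "by": m.group(1) if m else None,
                    "with": m.group(2) if m else None})
    return out

def dkim_tags(msg):
    """Split the DKIM-Signature tag list (tag=value; ...) into a dict."""
    raw = msg.get("DKIM-Signature", "")
    pairs = (t.split("=", 1) for t in raw.split(";") if "=" in t)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def summarize(text):
    msg = message_from_string(text)
    chain, tags = hops(msg), dkim_tags(msg)
    origin = chain[0] if chain else {}
    # Only hops written by relays you trust are reliable; older ones can be forged.
    return {"origin_ip": origin.get("ip"), "submitted_via": origin.get("with"),
            "path": [h["by"] for h in chain], "dkim_domain": tags.get("d"),
            "dkim_selector": tags.get("s"), "dkim_alg": tags.get("a")}
```

Comparing `dkim_domain` and `path` across several recipients' copies shows whether a run shares one submission source, which is the open question in the post.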