Coinbase faces another data breach lawsuit
Coinbase faces class-action lawsuit over data breach and UK violations
Coinbase and two top executives are facing a proposed class-action lawsuit. It was filed in Pennsylvania federal court by investor Brady Nessler.
He claims the crypto exchange’s stock dropped after it disclosed a data breach and an earlier violation of a UK regulator agreement, reports Cointelegraph.
According to the May 22 complaint, these events caused a sharp decline in Coinbase shares. Nessler alleges this led to “significant losses and damages” for investors. The breach, disclosed on May 15, involved a $20 million extortion attempt and insider bribes. Coinbase said potential damages could reach $400 million.
Stock volatility fuels legal arguments
Nessler noted that Coinbase’s (COIN) share price dropped 7.2% to $244 after the data breach news, before briefly rebounding to $266 the following day. Despite this partial recovery, COIN closed at $263 on May 23, still trailing from earlier levels.
The lawsuit is the first among several recent filings to directly tie the share price drop to the security incident, suggesting that Coinbase’s handling of the breach materially affected investors. The lawsuit also alleges that Coinbase’s stock was previously overvalued due to undisclosed regulatory issues.
FCA violation adds pressure to Coinbase legal troubles
The complaint also points to a $4.5 million fine issued by the FCA in July 2024, stemming from Coinbase’s UK arm onboarding over 13,000 high-risk customers against a prior agreement. Nessler claims the company failed to disclose this breach when it went public in 2021, leading investors to buy shares at “artificially inflated prices.”
CEO Brian Armstrong and CFO Alesia Haas are named as defendants, alongside Coinbase. The lawsuit seeks damages and a jury trial on behalf of shareholders who bought stock between April 2021 and May 2025. Coinbase has not yet commented on the new legal action.
Recently we wrote that Coinbase, the world's third largest cryptocurrency exchange, has refused to pay a $20 million ransom after a small group of cryptoscammers, along with outside customer support contractors, disclosed sensitive user data.
