The lawsuit arrives as more details surface about the recent attack
Coinbase is facing fresh legal trouble following a recently disclosed data breach and a past regulatory violation in the UK. A new proposed class-action lawsuit, filed by investor Brady Nessler on May 22 in a Pennsylvania federal court, alleges the crypto exchange failed to properly inform shareholders about these issues, which led to a sharp drop in its stock price.
The complaint centers around a security breach earlier this month, where several Coinbase customer service agents were reportedly bribed to access internal systems. The attackers stole a limited amount of user account data and then demanded $20 million in exchange for not causing further harm. Coinbase disclosed the breach on May 15, stating the total damages could reach as high as $400 million.
Following the announcement, Coinbase shares dropped 7.2% to close at $244 on May 15. Although the stock quickly rebounded by 9% the next day, concerns over the company’s internal security practices lingered.
Nessler’s lawsuit also references a $4.5 million fine imposed by the UK Financial Conduct Authority (FCA) in July 2024. The penalty stemmed from Coinbase’s failure to comply with a 2020 agreement that restricted it from onboarding high-risk users. According to the FCA, the exchange signed up over 13,000 customers that should have been excluded under the agreement.
The lawsuit claims that Coinbase did not disclose this regulatory breach during its initial public offering in April 2021. Nessler argues that had this information been made public, investors might have thought twice before buying shares at what she calls “artificially inflated” prices.
The suit names Coinbase CEO Brian Armstrong and CFO Alesia Haas as co-defendants and seeks damages for anyone who purchased stock between April 2021 and May 2025. Coinbase has yet to issue a response to the allegations.
