Coinbase Faces Class-Action Lawsuit After Data Breach, Stock Drops 7.2%

Coinbase, a leading cryptocurrency exchange, is confronting another proposed class-action lawsuit following the disclosure of a recent data breach. The lawsuit, initiated by Coinbase investor Brady Nessler in a Pennsylvania federal court on May 22, asserts that the data breach and an alleged violation of an agreement with the UK’s Financial Conduct Authority (FCA) resulted in a significant decline in the market value of Coinbase’s common shares, causing substantial losses for stockholders.

The data breach, revealed by Coinbase on May 15, involved an extortion attempt where several customer support agents were bribed to access internal systems and steal user account data. The company estimated potential damages could reach $400 million. Nessler’s lawsuit specifically notes that Coinbase’s stock dropped by 7.2% to close at $244 on May 15 following the disclosure. Although the stock later recovered, spiking 9% to hit $266 by the closing bell on May 16, the lawsuit argues that the initial drop caused significant financial harm to investors.

The lawsuit also highlights an earlier incident where the FCA fined Coinbase’s UK arm $4.5 million in July 2024 for breaching a 2020 voluntary agreement. This agreement aimed to prevent the exchange from onboarding customers considered high risk by the regulator. According to the lawsuit, Coinbase onboarded 13,416 high-risk customers and offered them crypto services, which led to a 5% drop in the company’s stock price, closing at $231.52 on July 25, 2024. Nessler claims that Coinbase did not disclose this breach when it first listed its shares on the Nasdaq in April 2021, thereby artificially inflating the market price of its securities.

The class-action lawsuit is filed on behalf of anyone who purchased Coinbase stock between April 14, 2021, and May 14, 2025. It seeks damages and a jury trial, naming Coinbase CEO Brian Armstrong and chief financial officer Alesia Haas as defendants. This lawsuit is part of a series of legal actions against Coinbase following the data breach, with at least six other lawsuits accusing the company of mishandling the incident and failing to protect user data.

In addition to the data breach, another lawsuit filed in Illinois on May 13 alleges that Coinbase failed to notify users in writing about the collection, storage, or sharing of their biometric data, as well as the purpose and retention schedule for their data. This raises concerns about the company’s biometric data collection and storage practices, adding another layer of scrutiny to Coinbase’s operations.

The legal challenges faced by Coinbase underscore the growing concerns over data security and regulatory compliance in the cryptocurrency industry. As the company navigates these legal hurdles, it will be crucial for Coinbase to address these issues transparently and take necessary measures to regain investor confidence and ensure the protection of user data.