A group of Coinbase investors has taken legal action against the cryptocurrency platform, claiming it failed to alert the public in time about a cyberattack and a regulatory issue, both of which allegedly led to a drop in its stock price. The class-action lawsuit, filed in the U.S. District Court for the Eastern District of Pennsylvania, alleges that Coinbase withheld information from shareholders, resulting in significant financial harm.
At the center of the complaint is a data breach that compromised tens of thousands of user accounts and a violation by its UK affiliate of an earlier compliance agreement.
Read also: Coinbase Refuses Ransom After Insider Breach Hits <1% of Users
Table of Contents
Shareholders Push Back After Sudden Stock Decline
The data breach, which occurred in December 2024 but was not publicly acknowledged until May 15, 2025, involved hackers paying off Coinbase’s overseas customer support employees to access sensitive account details.
On the day of the disclosure, the company’s stock dropped by over 7%, closing at $244. Just a week earlier, shares had traded at a stronger level, but the news caused a swift reaction in the market.
According to Coinbase, the damage could cost the company between $180 million and $400 million in the form of customer reimbursements and internal fixes. Although the share price later climbed back to $263.16 by May 23, the dip has sparked lawsuits from shareholders and customers. The lead plaintiff, investor Brady Nessler, alleges Coinbase knowingly failed to alert investors to key risks in time.
The lawsuit lists CEO Brian Armstrong and CFO Alesia Haas as co-defendants. Shareholders who bought Coinbase stock between April 14, 2021, and May 14, 2025, are included in the proposed class action. The plaintiffs argue that earlier disclosure would have changed their investment decisions and possibly prevented their losses.
More Lawsuits Pile Up After Security Breach
Besides the class action brought by investors, at least six more legal cases were filed between May 15 and 16. These lawsuits center on the breach itself and accuse the company of having inadequate security systems and failing to act quickly. The affected user count has been reported as high as 97,000 accounts.
The attackers reportedly contacted Coinbase after gaining access and demanded $20 million in Bitcoin to keep the stolen data private. Instead of complying, Coinbase went public with the breach and announced a $20 million bounty for information leading to the arrest of those responsible. The reward is still active.
Coinbase later confirmed that the attackers succeeded in pulling sensitive information from 69,461 customer accounts. They had obtained access to email addresses, government-issued identification, and some transactional history. Login details and cryptocurrency wallets were not exposed, and the company has stated customer funds remained untouched.
Details of the Attack and Insider Involvement
The method used by the attackers involved tricking Coinbase’s customer support staff located overseas. Some employees accepted bribes and used their internal credentials to help the hackers gather user data. This included names, home addresses, masked Social Security numbers, and even images of IDs such as passports and driver’s licenses.
In addition to user data, internal training documents and support-related tools were copied. Despite the large volume of information stolen, Coinbase insists its core infrastructure, including login systems and Prime accounts, remained secure. The company’s formal statement confirmed that only support systems were affected, and no crypto assets were taken during the attack.
Company Response and Security Overhaul
Following the breach, Coinbase removed all employees who were found to be involved and forwarded their details to U.S. and international law enforcement. The company is working with investigators to trace the attackers using tagged wallet addresses believed to be linked to the stolen data.
On May 15, the company sent direct notifications to all affected users. For those who lost funds due to social engineering scams, reimbursements will be made after reviewing individual cases. Coinbase has also announced that it will make changes to its internal operations to strengthen its defenses.
One major shift includes opening a new customer support center within the U.S. New policies now limit access to sensitive customer data, and insider threat monitoring has been increased. The company is also requiring stricter ID checks for users performing large withdrawals and has slowed transaction processing for accounts that trigger risk alerts.
Future Measures to Regain Trust
In the two weeks following the breach, Coinbase has invested more in staff training, introducing security drills to identify weak spots in its systems. For customers whose data was exposed, the platform now requires scam-awareness prompts and other protections to reduce the chance of deception.
Despite the company’s assurance that no crypto wallets were breached, the damage to its reputation and investor confidence has already been felt. The class-action lawsuit is still in its early stages, but its outcome might be important for how crypto companies handle data security and public disclosures in the future.
Read also: Cetus Releases Full Incident Report After The Exploit
