Cryptocurrency platform Coinbase is now facing legal action from investors after a data breach exposed personal data belonging to more than 69,000 customers.
Lawsuit Filed Alleging Securities Law Violations After Customer Data Exposure
On May 22, Coinbase investor Brady Nessler filed a class action lawsuit in a Pennsylvania federal court, alleging that Coinbase violated federal securities laws by failing to disclose key incidents and properly protect user data. The suit comes in the wake of a data breach that affected 69,461 customers and triggered a 7.2% drop in Coinbase’s stock price.
Nessler claims Coinbase also failed to disclose a previous enforcement action by the UK’s Financial Conduct Authority, which had imposed a penalty. According to the filing, this lack of transparency contributed to artificially inflated stock prices.
The company’s stock hit a 12-month high of $343.62 in December 2024, dropped to $151.47 in April 2025, then climbed back to $263.41 on May 14. It fell again to $244.44 following news of the breach. As of May 23, shares were trading at $263.16.
Insider Bribery Led to Massive Data Breach and Ransom Demand
Coinbase detected the breach on May 11 after receiving a ransom demand for $20 million. The attacker claimed they had stolen customer data and would leak it unless the ransom was paid.
The company refused the demand and instead offered a $20 million reward for information leading to the attacker’s identification. Investigations revealed that the breach was made possible through insiders working at Coinbase’s overseas retail support locations, who had been bribed by the attacker.
On May 30, Coinbase began contacting the impacted customers.
“We discovered that a small number of individuals, performing services for Coinbase at our overseas retail support locations, improperly accessed customer information. This included information related to your account,” the company stated in its data breach notice filed with the Maine Attorney General’s office.
The notice clarified that passwords, seed phrases, and private keys were not exposed, and Coinbase Prime was not affected. However, the stolen data included:
- Masked Social Security and bank account numbers
- Scans of government-issued IDs such as passports and driver’s licenses
- Transaction history and account balances
Financial Impact Estimated at Up to $400 Million
In a Form 8-K filing with the U.S. Securities and Exchange Commission, Coinbase estimated the breach will cost between $180 million and $400 million, covering remediation efforts and voluntary reimbursements to affected users.
“The company plans to aggressively pursue all remedies. As the company’s investigation is ongoing, the full impact of these events are not yet known.”
