Key Takeaways
- The lawsuit revolve around two things, one around a recent cybersecurity incident, and the other relating to a regulatory penalty from the United Kingdom’s Financial Conduct Authority.
- The breach prompted a $20 million extortion attempt, though Coinbase reported only “limited” data exposure.
Leading crypto exchange, Coinbase and two of its top executives are facing a proposed class action lawsuit filed in federal court, with allegations that the company failed to disclose critical information that led to financial harm for shareholders.
Filed on May 22 in the U.S. District Court for the Eastern District of Pennsylvania, the lawsuit was brought by investor Brady Nessler. It centers on two key disclosures made by the crypto exchange—one involving a recent cybersecurity incident, and the other relating to a regulatory penalty from the United Kingdom’s Financial Conduct Authority (FCA).
On May 15, Coinbase revealed that a cyberattack had occurred in December 2024. As per the exchange,several customer support agents had been bribed, allowing attackers to gain internal access and obtain user data. The breach prompted a $20 million extortion attempt, though Coinbase reported only “limited” data exposure. The company estimated the breach could cost up to $400 million.
Following the announcement, Coinbase shares dropped 7.2%, closing at $244 on May 15. Although the stock recovered 9% the following day to $266, it closed at $263 on May 23—still below pre-disclosure levels. The lawsuit argues that this decline reflects shareholder damage linked directly to the breach and Coinbase’s failure to communicate it in a timely manner.
Further, the complaint highlights a Euro 3.5 million ($4.5 million) fine issued by the FCA in July 2024 against CB Payments, Coinbase’s UK-based subsidiary. The regulator found that CB Payments had onboarded over 13,000 high-risk customers in violation of a voluntary agreement signed in 2020. Coinbase’s stock reportedly fell by 5% on July 25, 2024, the day after the penalty was disclosed.
Nessler claims that Coinbase should have revealed the existence of the FCA breach during its April 2021 IPO and alleges that the failure to do so misled investors and artificially inflated share value. The lawsuit covers shareholders who purchased Coinbase stock between April 14, 2021, and May 14, 2025.
The suit names Coinbase CEO Brian Armstrong and CFO Alesia Haas as co-defendants, alleging they were aware of both the FCA matter and the cyberattack but failed to disclose them in a timely or transparent manner.
Meanwhile, a separate legal case filed in Illinois on May 13 accuses the exchange of mishandling biometric data and violating user privacy laws.
The class action seeks damages for investors who say they were blindsided by the revelations, arguing that material information was withheld and investor confidence eroded as a result.