Coinbase is once again in the legal spotlight as a fresh proposed class-action lawsuit accuses the crypto exchange of causing investor losses tied to a recent data breach and an alleged violation of a previous regulatory agreement. This time, the focus isn’t just on compromised user data — it’s also on the financial hit shareholders took when Coinbase’s stock value tumbled.
Filed on May 22 in a Pennsylvania federal court, the lawsuit comes from investor Brady Nessler, who claims the company’s failure to timely disclose damaging events led to a significant drop in the value of its common shares. According to Nessler, both the data breach that became public earlier this month and a breach of an agreement with the United Kingdom’s Financial Conduct Authority (FCA) contributed to the decline, costing shareholders substantial losses.
Earlier in May, Coinbase revealed that it had suffered a breach in which some customer support agents were bribed. This allowed bad actors to access sensitive internal systems and steal limited customer data. The incident reportedly led to a $20 million extortion attempt and could ultimately cost the company up to $400 million in damages, according to Coinbase’s own disclosures.
On the day of the announcement, May 15, Coinbase (COIN) shares plunged by 7.2%, closing at $244 — a clear indication of the market’s negative reaction. However, the price saw a swift recovery the following day, bouncing back by 9% to reach $266. Despite the rebound, Nessler argues that the initial plunge inflicted real financial damage on shareholders.
Adding another layer to the legal complaint is Coinbase’s alleged failure to inform investors about a separate issue involving UK regulators. Back in July 2024, the FCA fined Coinbase’s UK branch approximately $4.5 million for violating a 2020 agreement that restricted the company from onboarding high-risk clients. According to the FCA, Coinbase flouted this agreement by onboarding over 13,000 such clients and offering them crypto services.
Nessler contends that this infraction, and Coinbase’s failure to disclose it when the company went public in April 2021, led to an artificially inflated stock price. She says had this information been known, she wouldn’t have purchased Coinbase stock at the price she did.
This lawsuit now joins a growing list — at least six others — filed in the wake of the data breach, most of which accuse Coinbase of inadequate data protection measures. What makes Nessler’s case stand out is the emphasis on shareholder harm rather than customer data privacy alone.
The lawsuit names Coinbase CEO Brian Armstrong and CFO Alesia Haas as co-defendants and seeks damages for anyone who bought Coinbase shares between April 14, 2021, and May 14, 2025. Nessler also requests a jury trial.
Coinbase has yet to issue a public response to the latest legal challenge.
Meanwhile, separate legal troubles continue to mount. Another suit filed in Illinois on May 13 alleges Coinbase collected, stored, and shared biometric data without properly informing users — including failing to disclose how long such data would be retained and for what purpose.
As Coinbase continues to fight battles on multiple legal fronts, the latest shareholder lawsuit underscores the growing scrutiny not just over how it protects user data, but also how transparently it communicates risks to its investors.
