Coinbase is facing a class action lawsuit from shareholders who allege the crypto exchange failed to promptly disclose a serious data breach and a regulatory violation, both of which contributed to a drop in the company’s stock price.

The lawsuit, filed Thursday in the US District Court for the Eastern District of Pennsylvania, claims investors suffered significant financial losses as a result of the company’s omissions.

According to court filings, the lead plaintiff, investor Brady Nessler, argues that Coinbase kept shareholders in the dark about key risks, including a breach of a 2020 agreement by its UK subsidiary, CB Payments, and a December cyberattack that compromised the personal data of tens of thousands of users.

Coinbase didn’t return Cryptonews’ request for comment by press time.

Coinbase Faces Legal Heat as Stock Dips After Late Breach Disclosure

The breach, which involved the bribing of customer service staff by hackers, was not disclosed until May 15, 2025.

On the day of the announcement, Coinbase’s stock fell by 7.2% to close at $244. The company estimated the potential financial fallout from the breach, including customer reimbursements and internal remediation, could range between $180m and $400m. Since then, the stock has modestly rebounded, closing at $263.16 on May 23.

The lawsuit names Coinbase CEO Brian Armstrong and CFO Alesia Haas as co-defendants. It accuses the company of failing to make timely disclosures that could have warned investors of the risks, in violation of federal securities laws.

Shareholders who purchased Coinbase stock between April 14, 2021, and May 14, 2025, are included in the proposed class. The suit seeks to recover damages tied to the stock price decline following the disclosures.

Cybersecurity Failures and Delayed Disclosure Fuel Wave of Investor Lawsuits

However, this is only one of several legal actions Coinbase is currently facing in connection with the breach. Between May 15 and May 16, at least six class-action lawsuits were filed against the exchange.

Plaintiffs in those cases have accused the company of negligence, weak cybersecurity infrastructure and a delayed, inadequate response to the incident.

Coinbase’s security breach is now under investigation by the US Justice Department. According to reports, the breach affected data from nearly 97,000 accounts. Additionally, the hacker demanded a $20m ransom. They gained access to government-issued IDs and email addresses.

Coinbase refused to pay and instead offered a $20m bounty to track down the perpetrator. It later confirmed that sensitive data from at least 69,461 customers had been compromised.

The company has since dismissed the employees involved. It also stated that it is enhancing internal controls. However, the timing of its disclosure has raised concerns. Both investors and regulators have questioned the delay. As a result, fresh scrutiny is now falling on the exchange.

The post Coinbase Investors File Suit Over Alleged Mishandling of User Data Leak appeared first on Cryptonews.