Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The US cryptocurrency exchange has experienced a sudden drop in stock price after hackers stole personal information.
Cryptocurrency exchange Coinbase is facing a class action from one of its investors following a data breach that saw the personal information of 69,461 customers compromised by an unknown threat actor.
Investor Brady Nessler filed suit on 22 May in a Pennsylvania federal court alleging violations of federal securities law.
Filing suit on behalf of other investors, Nessler is claiming damages relating to both a drop in stock value following the incident – Coinbase shares dropped by 7.2 per cent when news of the incident was disclosed – and a failure to properly disclose a previous incident that saw Coinbase fined by the UK’s Financial Conduct Authority.
Nessler claims that initial failure led to an inflated stock price. Coinbase was trading at a 12-month high of US$343.62 in December 2024, but by early April 2025, this had dropped to US$151.47. This then rose to US$263.41 on 14 May, only to drop to US$244.44 in the wake of the data breach.
The company is currently trading at US$263.16 as of 23 May.
Coinbase became aware of the incident on 11 May when the company received an email demanding US$20 million; failure to pay would see customer data – including scans of government-issued IDs, cryptocurrency account data and limited details of customers’ bank details – published online.
Coinbase refused to pay the ransom demand and instead offered a US$20 million reward for anyone with knowledge of the criminal’s identity. The threat actor had managed to access customer data by bribing several overseas-based insiders.
At the time, Coinbase said less than 1 per cent of its customers had been impacted. The company will begin contacting its 69,461 customers on 30 May, warning them that their personal data had been compromised.
“We discovered that a small number of individuals, performing services for Coinbase at our overseas retail support locations, improperly accessed customer information. This included information related to your account,” Coinbase said in its data breach notice, which was filed with the Office of the Maine Attorney General.
“This information did not include your password, seed phrase, private keys, or any other information that would allow someone to directly access your account or your funds and Coinbase Prime was untouched.”
Coinbase did confirm, however, that personal identifiers such as masked social security and bank account numbers were disclosed, as well as scans of government IDs such as passports and driver’s licenses, and account information such as transaction history and balance had all been disclosed.
In its Form 8-K filing to the US Securities and Exchange Commission, Coinbase said it expects the incident to cost the company “approximately (US)$180 million to (US)$400 million relating to remediation costs and voluntary customer reimbursements”.
“The company plans to aggressively pursue all remedies. As the company’s investigation is ongoing, the full impact of these events are not yet known.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
