Coinbase is under growing legal pressure following a major data breach that compromised sensitive user information and allegedly exposed millions to identity theft. Between May 15 and May 16, at least six lawsuits were filed against the crypto exchange, with plaintiffs accusing the company of weak security practices and a poorly handled response to the incident.
The lawsuits were filed shortly after Coinbase publicly disclosed that it had been targeted in a $20 million breach attempt.
According to Coinbase’s May 15 statement, several customer support agents were bribed by cybercriminals, allowing attackers to access internal systems and extract user data, including names, phone numbers, email addresses, Social Security details, bank account identifiers, and even transaction histories.
Users Allege Insufficient Support by Coinbase
One of the most prominent suits, filed by plaintiff Paul Bender in a New York federal court on May 16, alleges that Coinbase failed to implement adequate security safeguards, putting its users at serious and lasting risk. Bender claimed the company’s response was fragmented, delayed, and insufficient.
“Users were not promptly or fully informed of the compromise,” the complaint said. “Coinbase did not immediately take meaningful steps to mitigate further harm, provide identity protection services, or offer actionable guidance to affected individuals.”
The lawsuits claim that users face the possibility of long-term consequences such as identity theft and financial fraud, as the exposed personal information cannot be made secure again once leaked. Plaintiffs are seeking financial compensation and various protective measures to shield their data.
Additional Complaints and Fallout from the Breach
Beyond Bender’s lawsuit, at least five other filings echo similar accusations. Two additional cases in New York included claims of negligence, while another added a charge of unjust enrichment, arguing Coinbase underinvested in its cybersecurity infrastructure.
A separate lawsuit filed in California took a more aggressive stance, demanding Coinbase delete all sensitive user data and undergo third-party security audits.
The exchange declined to comment on the lawsuits but directed inquiries to a blog post addressing the incident. It stated it refused to pay the ransom and committed to reimbursing users deceived by phishing schemes that stemmed from the breach. A filing with the SEC estimated that reimbursements may cost between $180 million and $400 million.
Meanwhile, Coinbase reportedly terminated several India-based customer support agents allegedly involved in the attack. The company’s stock (COIN) dropped 7% to $244 following the breach disclosure, coupled with news of an ongoing SEC investigation into misstated user numbers in 2021.
Floppypepe ($FPPE) is your ticket to the moon. Escape the ordinary and reach for lunar gains with this AI meme token. Secure your spot now before it's too late.
Join Now