Yahoo Finance

Coinbase Global said Thursday that it has refused to pay a $20 million ransom demand from cybercriminals who bribed the company’s overseas customer support agents to steal sensitive user data.

The cryptocurrency exchange estimated that the incident could cost from $180 million to $400 million, between fixing the underlying issues and reimbursing customers, according to a regulatory filing.

Most Read from The Wall Street Journal

• Walmart Becomes Biggest Retailer Yet to Pass Through Tariff Price Increases

• Meta Is Delaying the Rollout of Its Flagship AI Model

• Berkshire Sells Financial Stocks, Doubles Constellation Stake, Holds Steady on Apple

• Coinbase Says Cybercriminals Stole Customer Data, Sought Ransom

• Powell Steers New Strategy for a World Where Very Low Rates Are No Sure Thing

The disclosure sent the company’s stock down more than 7% on Thursday. The data breach is a setback for the largest U.S. crypto exchange, which has cultivated a reputation for safety and largely avoided the type of attacks and thefts that have crippled many overseas exchanges.

The company said it received an email on Sunday from an unknown party who claimed to have obtained information about certain customer accounts, adding that the threat actor appears to have obtained the information by paying multiple contractors or employees working in support roles outside the U.S.

Coinbase said it determined that the email was credible, and that while customer funds weren’t accessed, the stolen data included personal information such as names, addresses, phone numbers and email addresses; masked Social Security and bank-account numbers; government‑ID images such as driver’s licenses and passports; and account data such as balance snapshots and transaction histories.

Tens of thousands of users were potentially affected. The company said less than 1% of Coinbase’s monthly transacting users had their data pulled. That could be as many as 97,000 customers, based on Coinbase’s latest usage disclosures.

Coinbase said it is working with law enforcement to investigate the incident, adding that it is opening a new support hub in the U.S. and taking other measures to harden its defenses. It pledged to reimburse users who were tricked into sending funds to the attackers. The company also said it fired the insiders who cooperated with the hackers and will press criminal charges against them.

In a video, Coinbase CEO Brian Armstrong said the company was refusing to pay the $20 million bitcoin ransom demand and setting up a $20 million reward fund for information that could lead to the arrest and conviction of the attackers.