Coinbase has disclosed a potential financial impact of $180 million to $400 million due to a recent cyberattack that exposed customer data. While login credentials weren’t stolen, hackers accessed names, addresses, and emails by bribing overseas contractors and employees, who have since been fired. Coinbase is reimbursing affected users and refused a $20 million ransom, instead offering a $20 million reward for information on the attackers.

The SEC is also investigating whether Coinbase misrepresented user data in past disclosures, though Coinbase denies any active compliance probe. These issues emerge just days before the company is scheduled to join the S&P 500 index, dampening what was meant to be a major milestone.

The breach highlights ongoing security vulnerabilities in the crypto industry, which saw $2.2 billion stolen in 2024. Coinbase is responding by enhancing internal security and launching a new U.S.-based support hub.