The company said it received an e-mail from an unknown threat actor on 11 May, claiming to have information about certain customer accounts as well as internal documents.
The disclosure comes days before the company is set to join the benchmark S P 500 index, marking a landmark moment for the crypto industry.
Coinbase said that while the attackers stole some data including names, addresses and e-mails, they did not get access to login credentials or passwords. It will, however, reimburse the customers who were tricked into sending funds to the attackers.
The hackers had paid multiple contractors and employees working in support roles outside the US to collect information from internal systems. Coinbase has fired the employees involved immediately, it said.
It also refused to pay the ransom demand of 20-million and is working with law enforcement agencies. It has instead established a 20-million reward for information on the attackers.