Crypto exchange Coinbase said Thursday it expects to incur between $180 million and $400 million in costs related to a cyberattack.

The company said account data including names, addresses and emails were stolen for a "small subset" of its customers, but the attackers did not get access to login credentials or passwords.

"We will reimburse customers who were tricked into sending funds to the attacker," Coinbase said.

Coinbase said it would not pay the $20 million ransomware that the criminals are demanding, and assured customers that their accounts and data are protected.

The exchange wrote in a blog post Thursday: "Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers.

"No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker. We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack."