Â鶹Éç

Coinbase CEO Brian Armstrong said in a Thursday that a ransom note arrived via email asking for $20 million in Bitcoin in exchange for not releasing information hackers had obtained on Coinbase’s customers.

“I’m going to respond publicly,” Armstrong said. “We are not going to pay ransom.”

— Brian Armstrong (@brian_armstrong)

Armstrong said attackers had found a “weak link” customer service agent outside the U.S. who accepted a “bribe” and gave away personal data on customers.

In a company , Coinbase said it will reimburse customers tricked into sending funds to the attacker. Hackers received access to names, addresses, phone numbers, and emails; masked Social Security numbers (last four digits only); masked bank‑account numbers; and government‑ID images (driver’s licenses, passports). No passwords or private keys were obtained, the company says. The email arrived on Sunday.

Related: Think You Can Hack Into Apple Intelligence Servers? Apple Is Paying Up to $1 Million If You Can.

“(The stolen data) allows them to conduct social engineering attacks where they can call our customers impersonating Coinbase customer support and try to trick them into sending their funds to the attackers,” Armstrong said.

, Coinbase estimated in a with the SEC that it could end up spending anywhere between $180 million and $400 million “relating to remediation costs and voluntary customer reimbursements relating to this incident.”

Meanwhile, that the SEC is separately investigating Coinbase over whether or not it during its IPO in 2021. The company claimed to have more than 100 million “verified users” in marketing materials.

Coinbase’s stock dropped 7% on Thursday after the news, .

Related: Over 10 Billion Passwords Have Been Exposed in the Largest Password Hack in History