KeepChange, a Bitcoin exchange portal that launched last year, said it was hacked over the weekend but that security safeguards it had in place stopped the intruders from stealing user funds.
“Bitcoin withdrawal requests were initiated from customer accounts to an address belonging to attackers,” the Bitcoin marketplace said in a blog post this week.
“One of our control subsystems kicked in and stopped those withdrawal requests, and no Bitcoin is stolen from KeepChange.”
However, the exchange said that while hackers were unsuccessful in stealing user funds, they managed to steal some of its customers’ personal data. This included details such as names, email addresses, trade counts, total traded amounts, and hashed passwords.
“Even though passwords were hashed and they are very unlikely to be retrieved from the hashed form, we recommend changing your password as soon as possible. If you have used the same password on other sites, we recommend that you change them as well,” KeepChange told its customers on Tuesday.
KeepChange has halted funds withdrawals on the platform until today, Thursday, February 11, to give users time to change passwords and enable various security features for their accounts.
Among these are two-factor authentication (2FA), which the company urged users to enable for their accounts.
Furthermore, KeepChange took the rare step of forcibly enabling a security feature for all users. Named Login Guard, once enabled, users won’t be able to access their accounts unless they open a verification link they receive via email.
News of the KeepChange attack came on the same day that Japanese news agency Nikkei reported that North Korean state-sponsored hackers stole an estimated total of $316 million from cryptocurrency exchanges in 2019 and 2020.
A Chainanlysis report published yesterday also blamed North Korean hackers for most cryptocurrency exchange hacks, including the theft of $150 million from KuCoin, last year’s biggest hack.
KeepChange said it’s still investigating the breach, but at this point, it wouldn’t surprise any cryptocurrency expert if the exchange confirms it was targeted by Pyongyang hackers.