KeepChange Foils Bitcoin Theft but Loses User Data in Sunday Breach

Hacker
9 February 2021

Bitcoin marketplace KeepChange says it has managed to limit the ramifications of a security breach on Sunday.

According to a blog post on Monday, the exchange said several bitcoin withdrawal requests had been initiated from customer accounts to an address belonging to the attackers. However, one of the platform’s control subsystems halted the requests, resulting in no bitcoin being lost, the exchange said.

The attackers did, though, manage to steal some customer data including email addresses, names, trade counts, total traded amount and hashed passwords.

“Even though passwords were hashed and they are very unlikely to be retrieved from the hashed form, we recommend changing your password as soon as possible,” KeepChange told users.

Withdrawal requests have been disabled until Thursday pending further investigation and allowing users enough time to reset their passwords. From Friday, users will be able to make withdrawal requests as usual.

Meanwhile, deposits and trades remain active and are functioning as normal.

“We have done other required actions in the last hours, to be sure that no similar attacks can occur,” the exchange said.

See also: Why Ledger Kept All That Customer Data in the First Place

Disclosure
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.