On February 7, we discovered a breach of our customers’ data at KeepChange. Besides, Bitcoin withdrawal requests were initiated from customer accounts to an address belonging to attackers. One of our control subsystems kicked in and stopped those withdrawal requests, and no Bitcoin is stolen from KeepChange.
Hackers have stolen part of our customers’ data, including email address, name, trade count, total traded amount, and password in the hashed form.
Even though passwords were hashed and they are very unlikely to be retrieved from the hashed form, we recommend changing your password as soon as possible. If you have used the same password on other sites, we recommend that you change them as well.
Please always be careful of phishing attacks, and we want to insist again that be careful with any email message that you receive. Some of them might be phishing attacks and they can easily trick you into clicking on the links that look innocent.
Please activate your second-factor password (2FA) after you have logged in. If you have already activated it, please deactivate and reactivate it once more.
To increase security, we have activated Login Guard for all users. As a result, after each login, you will receive an email with a link, and you have to open that link in your browser, to be able to access your account. If this is hard for you, you may deactivate this feature, only after you have activated your second-factor authentication.
Withdrawal requests will be disabled until Thursday so that we can finish our internal investigation, and users have enough time to reset their passwords. From Friday, you can send your withdrawal requests as usual. Deposits and trades are active, and working in the meantime. We have done other required actions in the last hours, to be sure that no similar attacks can occur.
These actions don’t make this ok. This is not ok and we are extremely upset about it, but we believe that our customers have the right to know about this incident.
We’re incredibly sorry that this has happened, and for the stress and inconvenience, it will no doubt have caused.
If you have any questions or concerns, please send an email to us.