"Bitcoin withdrawal requests were initiated from customer accounts to an address belonging to attackers," the Bitcoin marketplace said in a blog post this week.
"One of our control subsystems kicked in and stopped those withdrawal requests, and no Bitcoin is stolen from KeepChange."
However, the exchange said that while hackers were unsuccessful in stealing user funds, they managed to steal some of its customers' personal data. This included details such as names, email addresses, trade counts, total traded amounts, and hashed passwords.
"Even though passwords were hashed and they are very unlikely to be retrieved from the hashed form, we recommend changing your password as soon as possible. If you have used the same password on other sites, we recommend that you change them as well," KeepChange told its customers on Tuesday.
KeepChange has halted funds withdrawals on the platform until today, Thursday, February 11, to give users time to change passwords and enable various security features for their accounts.
Among these are two-factor authentication (2FA), which the company urged users to enable for their accounts.
Furthermore, KeepChange took the rare step of forcibly enabling a security feature for all users. Named Login Guard, once enabled, users won't be able to access their accounts unless they open a verification link they receive via email.