The Singapore-based exchange told users Friday that account send functions for cryptocurrencies had been temporarily disabled. Although a spokesperson initially said this was for "network maintenance", the exchange admitted Saturday it had been victim to an attack and that it would impose account restrictions to prevent "unauthorized transactions," until the matter had been fully resolved.
The exchange has not provided further details on the attack's nature, or any information on whether assets were stolen.
"We have detected a sophisticated and coordinated attack on specific Coinhako accounts, and have disabled the send function as a preventive measure," a spokesperson said on the exchange's Telegram channel.
Fewer than 20 Coinhako users are believed to have been directly affected by the attack.
Coinhako's spokesperson said the attack was not a wallet hack and user private keys were not affected.
Launched in 2014, Coinhako is a popular gateway into cryptocurrencies for Singapore traders through its Singapore dollar trading pairs. The exchange launched an over-the-counter desk in October 2019.
Speaking to CoinDesk, Coinhako CEO Yusho Liu said users' send function would remain restricted as a "key countermeasure against unauthorized transaction outflows." The exchange has also reset passwords and two-factor authentication for all users.
Cryptocurrency deposits, trading services and fiat currency withdrawals were still fully functional. Users that had been affected by the attack have also been fully reimbursed, Liu confirmed. The exchange did not respond to questions about the attack's nature.
CoinDesk approached Tim Draper for comment, but he had not responded by press time.
Coinhako is scheduled to resume full operational capacity on March 1.