Cyber Incident Victim: KeepChange
Date: Feb 2021
Location: United States of America
Summary
A security breach at cryptocurrency exchange KeepChange targeted customer accounts, with attackers attempting unauthorized bitcoin withdrawals. The platform's internal controls successfully blocked all fraudulent transfer requests, preventing any cryptocurrency losses. However, the attackers exfiltrated user data including names, email addresses, password hashes, trade history counts, and aggregated transaction values. The incident demonstrated partial system compromise but effective protection mechanisms for digital asset transfers.
Description
On February 6, 2021, attackers breached cryptocurrency exchange KeepChange, initiating unauthorized bitcoin withdrawal requests from customer accounts to attacker-controlled addresses. The platform’s automated control subsystem detected and halted these fraudulent transactions, preventing any bitcoin losses. While the exchange successfully thwarted the cryptocurrency theft, attackers exfiltrated customer data during the incident. Compromised information included users’ email addresses, full names, trade counts, total traded amounts, and cryptographically hashed passwords. KeepChange publicly disclosed the breach through a blog post on February 7, 2021, confirming the security failure occurred the prior day. The company did not specify the exact number of affected users or the intrusion methodology employed by attackers.

KeepChange’s incident response focused on validating the integrity of its transaction monitoring systems while investigating the data exposure. The exchange confirmed no unencrypted financial data or private keys were compromised beyond the identified dataset. Forensic analysis revealed the attackers accessed account information but were blocked from completing cryptocurrency transfers. The breach exposed historical user activity metrics through trade counts and aggregated transaction values. KeepChange did not announce password resets or credit monitoring services in its initial disclosure, though standard security protocols for hashed password storage were implied. Operational impacts appeared limited as the platform continued functioning without reported downtime following the incident.
