Customers registered with the Liquid exchange may have had their data exposed to bad actors, the company said Wednesday.
In a notice on its website, Liquid CEO Mike Kayamori said the attack occurred on Friday, Nov. 13.
"A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," he said.
The access allowed the intruders to change DNS records and then take control of "a number of internal email accounts."
Ultimately, they were able to "partially compromise" the exchange's infrastructure and access stored documents.
Kayamori said the attackers may have been able to obtain data such as users' emails, names, addresses and encrypted passwords.
Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
As soon as the intrusion was noticed, Liquid "intercepted and contained the attack," the CEO said.
It also regained control of its domain and carried out a "comprehensive review of our infrastructure."
"We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised," Kayamori said.
He recommended users change their passwords and 2FA credentials, and be wary of possible phishing attempts to use their data.