Another day, another cryptocurrency exchange is hacked. The latest victim: leading South Korean exchange Bithumb.

The hack is said to have started with a hacker accessing and downloading details, but not passwords, of about 33,000 users in February from an employee’s computer. While not directly compromising Bithumb, those details were then used in a phishing campaign with emails and phone calls intended to trick users into handing over their passwords.

Bithumb is said to have discovered the breach on June 29 and reported it to the authorities the next day. It’s not clear how much bitcoin and ethereum was stolen, but according to the BBC, one user claims to have lost 1.2 billion South Korean Won, the equivalent of $1.04 million. More than 100 Bithumb customers have filed a complaint with the South Korean National Police Agency’s cybercrime report center since the hacking was revealed, the BBC said.

Representatives for the company have promised to provide immediate compensation of up to 100,000 won ($90) to any affected users, along with a promise to fully reimburse them once the exact amount stolen in by the hackers has been determined. South Korea’s largest bitcoin and Ethereum exchange, Bithumb is the fourth-largest bitcoin exchange in the world and the largest Ethereum exchange, meaning that the amounts stolen could be particularly high.

The company was quick to let customers know that their internal systems had not been compromised, adding in a statement that “an employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked. However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions.”

The last reference refers to a one-time password code Bithumb provides to users to securely log into the site, suggesting that users had willingly handed over those details to the hackers who had contacted them.

Image: Bithumb