UPDATED 14:35 EDT / JULY 15 2014

VeriCoin hack leads to controversial ‘fork’ to recover stolen loot

MintPal, one of today’s most popular exchange markets for altcoins, has just admitted it was hacked. Surprisingly, its Bitcoin and Litecoin deposits were safe but the attacker was able to access about 8 million VeriCoins in the exchange’s hot wallet, a wallet that remains constantly connected to the Internet.

According to MintPal, the hackers injected a withdrawal request into its database, which allowed them to bypass risk control measures. Despite the breach, MintPal is confident that its server infrastructure was not directly accessed in the attack.

MintPal moved quickly to suspend trading when VeriCoin’s developers announced a hard fork to try to reverse the theft, but some transactions were able to proceed due to an error on the service’s part: users who had not refreshed their page since the market suspension could continue trading as normal. MintPal immediately addressed the issue to prevent further trades.

Since the attack, MintPal has been plagued with inquiries from users asking why only VeriCoins were targeted, whether any of their personal information was acquired by the attackers, whether cold storage was used for VeriCoin, and whether or not they’ll recover their VRCs.

MintPal says that Bitcoin and Litecoin were actually targeted in the attack, but the thieves failed because MintPal uses cold storage methods for those wallets. As for VeriCoin, it also has cold storage (a wallet that’s kept offline), but MintPal left the majority of its VeriCoins in the hot wallet.

According to MintPal, the attackers were not able to access any of its customers’ personal information.

As for the VeriCoins taken by the attacker, MintPal explained that “VRC developers have worked tirelessly to perform something never before done by a cryptocurrency, and rollback the blockchain in order to reverse the two malicious transactions. This was not done out of a desire to save MintPal, but rather a desire to save your coins. Once the updated wallet has been distributed and the new fork is active we will re-open our VRC wallet to facilitate withdrawals.”

This method of recovering the stolen coins was frowned upon by some in the digital currency community, as it allows the VRC developers to move the 8m stolen VRC to a new wallet. In other words, it’s a clear illustration of how easy it would be for some to manipulate a cryptocurrency if they’re in a dominant position.

“The community is clearly divided. Some think we are good guys for helping users keep their stolen coin. Others think we are bad for ‘abusing’ our dev rights to change the blockchain. We believe we are in the right as less than $4,000 worth of VRC were sent between the theft time and hard fork, while over $2m of VRC would have been sent otherwise,” Patrick Nosker, VeriCoin developer, said in an interview with CoinDesk.

When operations resume, MintPal will begin processing transactions manually until it is 110 percent sure that the issue has been resolved, to prevent a similar incident. MintPal assures its customers that they will be refunded in full, but customers of other exchanges affected by the incident are advised to get in touch with those exchanges directly.

