Crypto-coin website Coinlab.com has been breached by an attacker, according to a security report published by security firm FireEye.
Coinlab, which offers bitcoin and cryptocurrency trading, said on its website that the breach had taken place in early July, with the compromised site reporting that the “attack was conducted on July 12, 2017 at 5:21 PM UTC.”
Coinlab added that the attacker “attempted to use an external SQL injection vulnerability to inject user-provided login credentials, credentials for password reuse, and password reset information into the database.”
The database password was also changed, Coinlab said.
CoinLab said the attacker was able to steal “approximately $500,000 worth of bitcoins and about $10 million worth of cryptocurrencies.”
CoinLab did not provide any information on the type of data stolen, or how it was used.
Coin Lab, which has more than 1.5 million active users, said in a statement that it was “looking into the matter.”
Coin Lab did not immediately respond to a request for comment.
The attack occurred on July 13, 2017, CoinLab reported.
The incident was discovered on the site’s own security scanner and was not the result of an attack, Coin Lab said.
The site was “in the process of removing some of the user data, including the password, when the compromised database was accessed,” CoinLab noted.
“The compromised database contained user names, passwords, and other sensitive information.”
Coin Labs said that the compromised user data contained “a variety of passwords for several different services,” including Coinbase, BitPay, Circle, and Bitstamp.
Coin Labs also noted that it had disabled user accounts from its website in response to the breach.
CoinLabs has not disclosed the amount of data taken from CoinLab, but said it had been “hundreds of millions of dollars” in losses from its database compromise.
Coin Labs said in its statement that the incident “likely” resulted in “losses to the user base.”