Bitcoin marketplace KeepChange says it has managed to limit the ramifications of a security breach on Sunday.

According to a blog post on Monday, the exchange said several bitcoin withdrawal requests had been initiated from customer accounts to an address belonging to the attackers. However, one of the platform’s control subsystems halted the requests, resulting in no bitcoin being lost, the exchange said.

The attackers did, though, manage to steal some customer data including email addresses, names, trade counts, total traded amount and hashed passwords.

“Even though passwords were hashed and they are very unlikely to be retrieved from the hashed form, we recommend changing your password as soon as possible,” KeepChange told users.

Withdrawal requests have been disabled until Thursday pending further investigation to allow users enough time to reset their passwords. From Friday, users will be able to make withdrawal requests as usual.

Meanwhile, deposits and trades remain active and are functioning as normal.

“We have done other required actions in the last hours, to be sure that no similar attacks can occur,” the exchange said.