Cryptocurrency start-up Komodo Platform hacked itself to prevent hackers from stealing the $13 million in Bitcoin and other digital coins held by its users.

Reports said the platform was tipped off about a backdoor in one of its older wallet apps, called Agama, which hackers could eventually have found and used to siphon off the digital coins.

The so-called backdoor was detected during an audit by the npm security team, which found and responded to a malware threat. According to an npm blog post, the attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application. Hackers would have used the seeds and passphrases to connect to the cryptocurrency accounts managed via the Agama wallet and steal the money.

“The attack was carried out using a pattern that is becoming more and more popular; publishing a useful package (electron-native-notify) to npm, waiting until it was in use by the target, and then updating it to include a malicious payload,” npm said.

Komodo Platform had used the EasyDEX-GUI application to develop the Agama wallet. The blockchain-powered company said the Verus version of the Agama wallet is not affected by this vulnerability and is secure.

With very little time to take security measures, the Komodo team hacked itself: it used the same backdoor to retrieve users’ funds from the impacted wallets and move them out of hackers’ reach. This would be the first time an organization has taken such a measure to safeguard its customers.

The cryptocurrency market is very vulnerable to hackers. In 2018 alone, hackers made off with $1 billion from cryptocurrency exchanges. Last month, Binance, one of the world’s biggest cryptocurrency exchanges, experienced a large-scale security breach when hackers stole 7,000 bitcoin worth over $40 million.

Experts say that cyber thieves normally lure their victims to cloned websites that look identical to the original site. The hackers are also known to use Google and Facebook ads that rank for the same name as the original service.