Crypto-currency exchange BitMart says hackers have stolen about $150m (£113m) worth of tokens from its "hot wallets".
Those affected, one storing Ethereum and one Binance Smart Chain tokens, "carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed", it said.
But the first security company to notice the hack estimated the stolen tokens were worth closer to $200m.
Bitmart is suspending customer withdrawals until further notice.
The real victims of mass crypto-hacks
RIP Mr Goxx: cryptocurrency-trading hamster dies
"At this moment we are still concluding the possible methods used," it said.
"We are now conducting a thorough security review and we will post updates as we progress." And it would try to "maintain transparency" as it dealt with the aftermath of the attack.
Many investors recommend moving large amounts of crypto-currency not needed for day-to-day trading to "cold" storage, disconnected from the wider internet. Mt Gox handled most of the world's Bitcoin transactions - until 850,000 bitcoins went "missing", shuttering the company. And since then, attacks have been a constant problem for crypto-exchanges and investors. And the latest follows the pattern we are becoming used to - huge amounts of stolen crypto-currency and tiny amounts of detail from the victim.
We do not know:
exactly how much money was stolen
whether it came from customers' wallets or a central pot owned by Bitmart
whether the company will repay users
Past hacks have seen a multitude of outcomes.
Sometimes users are refunded, sometimes they are partially refunded, sometimes the company goes bust and on one occasion a hacker even returned all the money. The only certainty is this hack will add further fuel to the fire for people calling for regulation of these increasingly important companies.