Crypto wallet developer Komodo has revealed that it effectively hacked its own platform to thwart an attack on its customers’ funds.

The startup said that a potential breach would have seen hackers steal cryptocurrencies worth nearly $13 million.

According to a blog post by the npm JavaScript repository, Komodo’s security system detected a potential threat on June 5.

The system alert led to the discovery of a backdoor breach from which the attackers could have compromised one of the platform’s older wallets called Agama. Users of this wallet would have lost their funds had the developer not moved to “hack” itself.

An audit of the system revealed the presence of a malicious code capable of stealing crypto wallet seeds and login details.

Komodo and npm decided to avert any potential external hack, using the backdoor created by the malware to extract user funds from Agama. They then transferred the ‘rescued’ funds to safety, away from the reach of any would-be hackers.

Npm noted that once its internal security tooling alerted it of the threat, their immediate response was to notify and then coordinate with Komodo on the best way to protect the wallet provider’s users. The quick action was also aimed at removing the malicious code from npm.

Komodo said in a security alert that its own Cyber Security Team utilized the same backdoor exploit to secure several seeds that were exposed to the vulnerability. It then went on to remove the funds that were at risk of being stolen.

According to the startup, the “hack” enabled it to secure 8 million komodo (KMD) tokens and another 96 bitcoin (BTC). Together, the crypto was worth nearly $13 million.

Komodo has advised those still on the Agama wallet to move their holdings to the developer’s newer wallets. They should also generate new addresses for their KMD and BTC and create new secret keys.