The value of digital currency Ethereum tanked Friday after hackers stole the equivalent of more than $50 million from an organization that controls large amounts of the cryptocurrency.

Attackers exploited a security weakness to steal more than 3.5 million Ether tokens from an organization called the DAO, which held about 9.2 million tokens before the attack, according to its website. Before the attack, the DAO held roughly 14% of all ether tokens in circulation.

Ethereum, which recently reached an all-time peak above $21 a coin, fell as low as $13.40 on the news before recovering to $16.70 in recent trade, according to data from CryptoCompare.

The attacker, or attackers, stole the coins by exploiting a bug in the DAO’s code, creating an offshoot of the original structure— what Vitalik Buterin, the creator of Ethereum and chief scientist at the Ethereum Foundation, called a child DAO. The ether tokens were then transferred to this new entity, where they remain.

The rules of the DAO’s code require funds to be frozen for a period before they can be withdrawn. Because of this, the person or people responsible for the attack won’t be able to touch the coins for about 27 days, Buterin said. But because the baby DAO is linked to the original, it’s possible that more coins could be stolen in the coming weeks, said Stephan Tual, who was closely involved with the creation of the DAO. Tual is also the founder and chief operating officer of Slock.it, a startup build on the Ethereum platform.

“All the funds are safe in the sense that we’ve identified that the attacker put them into a ‘child DAO’, which gives us ample time to work on a fix,” Tual said.

Read: This bitcoin challenger is up 1,100% this year — but is it ready for prime time?

In response to the attack, members from different pockets of the Ethereum community — including developers, members of the Ethereum foundation, some of the architects of the DAO and representatives from various cryptocurrencies exchanges—met in a private Skype group to develop a plan for recovering the stolen funds, according to Buterin and Jesse Powell, chief executive officer of Kraken, one of the largest cryptocurrency exchanges in the U.S.

The group explored several methods for invalidating the transactions, including a rollback that would unwind recent transactions of the Ethereum blockchain.

Ultimately, the group decided on a two-pronged approach: an initial update to the Ethereum software that will prevent the coins from being withdrawn even after the 27-day freeze has ended, followed by another that will return the Ether contained in the DAO to its investors, Buterin said in a statement.

As part of the proposed solution, the DAO will be unwound. Investors in the DAO were issued so-called DAO tokens, a separate digital currency backed by the value of Ethereum. Once the Ethereum is recovered and returned, all of these tokens will be destroyed, Tual said.

The value of DAO tokens plummeted from about 20 cents to around 10 cents after the hack.

Shortly after the attack when the details were still fuzzy, the Ethereum Foundation asked some of the major exchanges, including Kraken, one of the biggest in the U.S., to halt withdrawals.

Powell said the move was a precautionary measure to prevent the thief from converting the stolen tokens to bitcoin or U.S. dollars, then withdrawing the funds. Withdrawals have since been restored.

The motivation behind the attack remains unclear. It’s likely the attackers won’t be able to access the funds because the creators of the DAO will likely be able to recover them before the 27 days are up, Powell said.

Powell speculated that the attack was meant to draw attention to the security flaw. Or, maybe the perpetrator or perpetrators took out a large short position in Ethereum ahead of the attack, expecting its price to plummet on the news.

Kraken is combing through its trading data looking for suspicious shorts, Powell said.

The DAO was created earlier this year by a group of Ethereum entrepreneurs, investors and others to help crowdfund promising startups building on Ethereum’s platform, Tual said. Users trade Ethereum for a separate cryptocurrency called DAO tokens. Their value is backed by the pool of Ethereum contained within the DAO.

While the software that undergirds cryptocurrencies like Ethereum and bitcoin is believed to be secure, exchanges and other organizations holding large quantities of the digital coins have proven susceptible to hacks. In early 2014, Mt. Gox, a prominent cryptocurrency exchange, filed for bankruptcy after hackers stole millions of its customers’ coins.

In a statement, Buterin assured the investors that Ethereum remains secure.

“This is an issue that affects the DAO specifically; Ethereum itself is perfectly safe,” Buterin said.