IOTA Foundation, the nonprofit behind the IOTA distributed network, recommended users close their Trinity wallets Thursday after multiple reports of fund theft.

IOTA said it started receiving the reports Wednesday and decided to shut off the Coordinator node in the network for further investigation.

The foundation is evaluating an exploit on an earlier version of its wallet. It is also trying to analyze the hackers’ attack pattern and complete a manual verification, according to the foundation’s latest statement.

“First (but not all) exchanges have responded, reporting that no monitored funds have been transferred or liquidated,” the foundation said.

“Most evidence is pointing towards seed theft, cause still unknown and under investigation,” the foundation said earlier. “Victims (around 10 that identified with the IOTA Foundation so far) all seem to have recently used Trinity.”

On Twitter, IOTA said it is working with law enforcement and cybersecurity experts to investigate a coordinated attack that resulted in stolen funds.