Security firm Proofpoint has identified a phishing campaign targeting users of popular Bitcoin wallet, which has more than two million users.

The phish begins with an authentic-looking email that notifies the recipient of possibly suspicious activity – a potential “hijacker” attempting to log in from China, according to a Wednesday post. Users are advised to click a link in the email to reset their passwords.

Clicking on the link brings the recipient to an authentic-looking password reset page that asks for credentials, which are sent to the attackers when entered.

So far more than 12,000 messages have been sent to more than 400 companies in various industries, including education, financial services, technology, media, and manufacturing, the post indicates, adding that 2.7 percent of recipients have clicked the link in the email.