Crypto firm says hacker locked all employees out of Google products for four days

A prominent cryptocurrency company told the SEC that a hacker broke into its systems and locked all of the company’s employees out before taking several actions that are still being investigated. 

Unicoin filed regulatory documents Thursday that said the attack began on August 9, when a hacker “gained access to the Company’s Google G-Suite account and changed passwords of all users of the Company’s G-Suite products (i.e., G-Mail, G-Drive and other related G-Suite functionality).”

The attack blocked all users with “@unicoin.com” email addresses from accessing company systems for nearly four days. By August 13, company officials were able to remove the hacker’s access to G-Suite accounts and restore employee accounts. 

“The Company is examining the information accessed to determine and mitigate the impact of the Event,” Unicoin executives wrote, adding that it is still unclear who is behind the attack.

While there is no evidence that money or digital assets were stolen, the filing notes that once the San Francisco-based company regained access to its systems, it did find discrepancies in the personal data of employees and contractors in the company’s accounting department. 

Unicoin also found “traces of hacked messages and email accounts of certain managers.” The company said it is still unclear whether the incident will have a financial impact on operations.

Unicoin is one of the few cryptocurrency companies that makes reports to the SEC, and its coin is backed by a portfolio of assets that include real estate and equity in other companies. The company has sold more than $500 million worth of unicoins. 

One clue uncovered during the investigations was a contractor who had forged their identity. The contractor’s position and access were terminated. Unicoin did not respond to requests for comment about whether that specific incident was tied to the longstanding issue of crypto companies mistakenly hiring hackers tied to the North Korean government. 

In recent years U.S. officials have repeatedly warned that North Korea has been ramping up efforts to get hackers hired at U.S.-based tech companies — with the goal of either earning legitimate paychecks to send home or using their access to facilitate cyberattacks that could yield sensitive information and stolen funds.

Two weeks ago, cybersecurity firm KnowBe4 admitted it hired a worker last year that it later discovered was part of the same North Korean scheme. U.S. law enforcement agencies have also taken down multiple laptop farms across the U.S. that are used to facilitate North Korean employment efforts.

The United Nations is in the process of investigating 58 cryptocurrency company cyberattacks allegedly conducted by North Korean hackers that allowed attackers to rake in about $3 billion over a six-year span.

On Thursday, blockchain security company Chainalysis said the first half of 2024 saw criminals steal nearly $1.6 billion through attacks on cryptocurrency companies — with the majority of attacks being launched by North Korean actors.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
