Crypto firm says hacker locked all employees out of Google products for four days

Avatar

A prominent cryptocurrency company told the SEC that a hacker broke into its systems and locked all of the company’s employees out before taking several actions that are still being investigated. 

Unicoin filed regulatory documents Thursday that said the attack began on August 9, when a hacker “gained access to the Company’s Google G-Suite account and changed passwords of all users of the Company’s G-Suite products (i.e., G-Mail, G-Drive and other related G-Suite functionality).”

The attack blocked all users with “@unicoin.com” email addresses from accessing company systems for nearly four days. By August 13, company officials were able to remove the hacker’s access to G-Suite accounts and restore employee accounts. 

“The Company is examining the information accessed to determine and mitigate the impact of the Event,” Unicoin executives wrote, adding that it is still unclear who is behind the attack.

While there is no evidence that money or digital assets were stolen, the filing notes that once the San Francisco-based company regained access to its systems, it did find discrepancies in the personal data of employees and contractors in the company’s accounting department. 

Unicoin also found “traces of hacked messages and email accounts of certain managers.” The company said it still unclear whether the incident will have a financial impact on operations. 

Unicoin is one of the few cryptocurrency companies that makes reports to the SEC, and its coin is backed by a portfolio of assets that include real estate and equity in other companies. The company has sold more than $500 million worth of unicoins. 

One clue uncovered during the investigations was a contractor who had forged their identity. The contractor’s position and access were terminated. Unicoin did not respond to requests for comment about whether that specific incident was tied to the longstanding issue of crypto companies mistakenly hiring hackers tied to the North Korean government. 

In recent years U.S. officials have repeatedly warned that North Korea has been ramping up efforts to get hackers hired at U.S.-based tech companies — with the goal of either earning legitimate paychecks to send home or using their access to facilitate cyberattacks that could yield sensitive information and stolen funds.

Two weeks ago, cybersecurity firm KnowBe4 admitted it hired a worker last year that it later discovered was part of the same North Korean scheme. U.S. law enforcement agencies have also taken down multiple laptop farms across the U.S. that are used to facilitate North Korean employment efforts

The United Nations is in the process of investigating 58 cryptocurrency company cyberattacks allegedly conducted by North Korean hackers that allowed attackers to rake in about $3 billion over a six-year span.

On Thursday, blockchain security company Chainalysis said the first half of 2024 saw criminals steal nearly $1.6 billion through attacks on cryptocurrency companies — with the majority of attacks being launched by North Korean actors.

CybercrimeNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Ransomware attack on Indian payment system traced back to Jenkins bug

Next Post

US agencies attribute presidential campaign cyberattacks to Iran

Related Posts

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows
Avatar
Read More