A leading cryptocurrency firm has admitted that its employees were unable to use their corporate productivity apps for four days after a threat actor removed access.
Unicoin is the official cryptocurrency of reality TV show Unicorn Hunters, self-described as a “more stable alternative” to most digital currencies.
The firm revealed in a Form 8-K SEC filing last week that on August 9, it detected that an unknown threat actor had managed to access its Google G-Suite account.
The individual changed the passwords “of all users of the company’s G-Suite products (i.e., G-Mail, G-Drive and other related G-Suite functionality), thereby denying access to all users having an @unicoin.com email address,” the filing continued.
“On or about August 13, 2024, the company was able to remove the threat actor’s access to the G-Suite accounts and restore access to its internal users,” it added. “The company is examining the information accessed to determine and mitigate the impact of the event. The company also continues to investigate the extent of the event.”
Read more on crypto attacks: Another Record Year for Ransomware Beckons as Crypto Profits Hit $460m
Unicoin still isn’t sure what happened but revealed that a contractor had been fired after “traces of identity forgery” linked to them were discovered.
Other details that were revealed in the regulatory filing are:
- During a “personal check” of all corporate users of internal services, “discrepancies” were discovered in the personal data of employees and/or contractors in Unicoin’s accounting department
- Traces of hacked messages and email accounts of specific managers were discovered
Unicoin claimed that the event has not had a material impact on its finances or operations, with no monetary loss of coins discovered – although the firm’s findings are not yet conclusive.
It’s unclear whether the fired contractor was involved in the security breach. A blockchain analysis company last week warned that threat actors including thousands of North Korean operatives are using sophisticated social engineering tactics, such as applying for IT jobs at crypto firms, in order to steal funds.
Image credit: Tada Images / Shutterstock.com