Cryptocurrency company Unicoin reported a significant security breach to the SEC, detailing an attack that began on August 9, when a hacker gained access to the company’s Google G Suite account. The hacker changed the passwords of all users, locking employees out of crucial services like Gmail and Google Drive for nearly four days. By August 13, the company was able to regain control of its systems and restore access to employees, though the incident remains under investigation.
Unicoin stated that there is no current evidence indicating the theft of money or digital assets, but discrepancies were discovered in the personal data of employees and contractors, particularly within the accounting department. In addition, traces of hacked messages and compromised email accounts belonging to managers were found, raising concerns about the potential impact on the company’s operations. Unicoin is still assessing the damage to fully understand the scope of the breach.
The company also uncovered that one contractor had forged their identity, leading to the termination of their position and access. Unicoin has not confirmed a connection between this incident and known threats, and it did not respond to questions regarding ties to North Korean hackers. The U.S. government has previously warned about North Korean operatives infiltrating tech companies with the goal of conducting cyberattacks or securing funds for their regime.
This breach comes amid increasing scrutiny of North Korean-linked hacking efforts targeting cryptocurrency firms. In the first half of 2024, criminals stole nearly $1.6 billion through attacks on crypto companies, with many of these incidents being attributed to North Korean actors. The United Nations is currently investigating 58 cyberattacks on cryptocurrency companies allegedly carried out by North Korean hackers, resulting in an estimated $3 billion in stolen funds over six years.