Unicoin hints at potential data meddling after G-Suite compromise

Attacker locked out all staff for four days


The cryptocurrency offshoot of reality TV and entrepreneurship show Unicorn Hunters has confirmed that an unknown attacker compromised its G-Suite, locking all staff out of their accounts.

Unicoin told the US Securities and Exchange Commission (SEC) that the intrusion took place on August 9, a classic strategy to strike just before the weekend. Who'd want to be a defender?

The technical details of the intrusion haven't been fully revealed – investigations are ongoing – but we know that once inside, the attacker clearly had high enough privileges to change every single user account password.

Anyone with an @unicoin.com email address was locked out of Gmail, Docs, Sheets, Drive – you name it.

Commenting on the news, Jake Williams, VP of research and development at Hunter Strategy and IANS faculty member, said he had worked on similar cases during his time and "wouldn't wish it on anyone."

Unicoin said it regained access to its G-Suite on August 13, and it's still working to determine to what extent company data has been compromised. However, the four major discoveries made at the time of the SEC filing were:

  1. Attackers definitely broke into the company G-Suite

  2. "Discrepancies were found" after assessing corporate accounts, specifically regarding the personal data of employees and/or contractors in the accounting department

  3. "Traces" of evidence suggesting email messages and accounts of some company managers were accessed

  4. "Traces of identity forgery" regarding a company contractor, whose contract was then terminated

The company went on to say that at present, there is nothing to suggest its cash or cryptocurrency assets have been lost, and it hasn't yet determined whether the incident will have a material effect on its financial condition.

"This is a significant event because the entirety of the Unicoin organization lost all access to their corporate Google Workspace, including business email, document management, and related services, for approximately four days," commented Elliott Wilkes, CTO at Advanced Cyber Defence Systems.

"This means an outside actor was able to get administrator privileges to their Google Workspace and then change all the passwords for legitimate users, effectively locking them out. Presumably, only intervention from Google engineers would have been able to oust the bad actor, given the total level of compromise of their Google Workspace.

"What isn't clear from this SEC disclosure is the nature of the compromise – was an admin hit with a sophisticated and targeted spearphishing attack that led to their account being compromised? Was there malware in the form of an infostealer loaded on an admin's device that allowed their password to be captured and access gained that way? And what was the nature of the attack that it evaded Multi-factor Authentication controls? It is possible that the identity forgery they mentioned by one of their now-terminated contractors was involved in this, but until more information is disclosed, it is just speculative."
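The lockout described above, in which an account holding Workspace admin privileges reset every user's password, leaves a distinctive trace in the admin audit log: one actor generating a burst of CHANGE_PASSWORD events against many distinct accounts in a short window. As an added example (not code from Unicoin, Google, or either of the commentators quoted here), the Python below scans admin-activity records in the shape returned by the Admin SDK Reports API (applicationName "admin", event name CHANGE_PASSWORD with a USER_EMAIL parameter) and flags any actor who resets at least five distinct accounts inside a ten-minute sliding window. The example.com accounts, timestamps and thresholds are constructed for illustration and are not taken from the incident.

```python
"""Flag bursts of admin-driven password resets in Google Workspace admin audit events.

Records follow the Admin SDK Reports API activity shape; the sample feed at the
bottom is constructed for this example and is not real log data.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)   # sliding window length (assumed tuning value)
THRESHOLD = 5                    # distinct accounts reset inside one window


def parse_time(ts):
    """Reports API timestamps are RFC 3339 UTC, e.g. 2024-08-09T21:00:00.000Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def password_resets(activities):
    """Yield (time, actor, target) for every CHANGE_PASSWORD event in the feed."""
    for act in activities:
        when = parse_time(act["id"]["time"])
        actor = act["actor"]["email"]
        for ev in act.get("events", []):
            if ev.get("name") != "CHANGE_PASSWORD":
                continue  # other USER_SETTINGS events (CREATE_USER, ...) are not resets
            params = {p["name"]: p.get("value") for p in ev.get("parameters", [])}
            if params.get("USER_EMAIL"):
                yield when, actor, params["USER_EMAIL"]


def find_mass_resets(activities, window=WINDOW, threshold=THRESHOLD):
    """Return {actor: sorted list of every account that actor reset} for each actor
    who reset at least `threshold` distinct accounts within any `window`."""
    by_actor = defaultdict(list)
    for when, actor, target in password_resets(activities):
        by_actor[actor].append((when, target))
    flagged = {}
    for actor, resets in by_actor.items():
        resets.sort()  # chronological; tuples sort on the datetime first
        start = 0
        for end in range(len(resets)):
            while resets[end][0] - resets[start][0] > window:
                start += 1  # drop resets that have fallen out of the window
            if len({t for _, t in resets[start:end + 1]}) >= threshold:
                flagged[actor] = sorted({t for _, t in resets})
                break
    return flagged


def _activity(offset_s, actor, event_name, target):
    """Build one admin-audit record in the Reports API shape (constructed sample)."""
    base = datetime(2024, 8, 9, 21, 0, tzinfo=timezone.utc)
    stamp = (base + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "id": {"time": stamp, "applicationName": "admin"},
        "actor": {"email": actor},
        "events": [{"type": "USER_SETTINGS", "name": event_name,
                    "parameters": [{"name": "USER_EMAIL", "value": target}]}],
    }


# Constructed sample feed (hypothetical example.com domain, not real log data):
# a compromised super-admin resets six accounts in under three minutes, while
# the help desk resets five accounts spread across two hours (normal churn).
SAMPLE_ACTIVITIES = (
    [_activity(30 * i, "superadmin@example.com", "CHANGE_PASSWORD", f"user{i}@example.com")
     for i in range(6)]
    + [_activity(200, "superadmin@example.com", "CREATE_USER", "newhire@example.com")]
    + [_activity(1800 * i, "helpdesk@example.com", "CHANGE_PASSWORD", f"staff{i}@example.com")
       for i in range(5)]
)

if __name__ == "__main__":
    for actor, targets in find_mass_resets(SAMPLE_ACTIVITIES).items():
        print(f"ALERT: {actor} reset {len(targets)} accounts: {', '.join(targets)}")
```

Run against the constructed feed, only superadmin@example.com is flagged; the help desk's five resets never land in the same ten-minute window. In production the feed would come from a scheduled pull of the admin application's activities (or a push-based alerting rule), and the actor list would be cross-checked against the known super-admin roster, since a reset storm from an account that should not hold that role is the stronger signal.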

What's a Unicoin?

Unicoin markets itself as a next-generation cryptocurrency token that's backed by an asset portfolio comprised of equity stakes in companies that are part of Unicorn Hunters, a Shark Tank-like show where budding businesspeople seek investment for their big ideas.

Fans may remember Apple co-founder Steve Wozniak featured in the first season as one of the show's investors.

Unicoin's pitch revolves around it being a more stable investment compared to "first-wave" crypto tokens, the value of which is notoriously volatile.

The company launched its coin in the INX.One trading platform earlier this year, and a recent email from CEO Alex Konanykhin told shareholders that it's looking to go public soon.

So far, more than $500 million worth of its tokens have been sold to more than 7,000 investors. ®
