The cryptocurrency arm of reality TV and entrepreneurship show Unicorn Hunters has confirmed that an unknown attacker has hacked into its G-Suite and locked all employee accounts.

Unicoin told the U.S. Securities and Exchange Commission (SEC) that the breach occurred on August 9, a classic strategy to strike just before the weekend. Who would want to be a defender?

The technical details of the break-in have not yet been fully disclosed – they are still under investigation – but we do know that once inside, the attacker clearly had sufficient authority to change the password on every user account.

Anyone with an @unicoin.com email address was locked out of Gmail, Docs, Sheets, Drive – you name it.

Jake Williams, VP of research and development at Hunter Strategy and a lecturer at IANS, said in response to the news that he had worked on similar cases in his time and that he “wouldn’t wish it on anyone.”

Unicoin said it regained access to its G-Suite on August 13 and is still working to determine the extent to which company data was compromised. However, the four key discoveries made at the time of the SEC filing were:

1. Attackers have definitely broken into the company’s G-Suite

2. “Discrepancies have been found” following review of the company accounts, particularly in relation to the personal data of employees and/or contractors in the accounting department

3. ‘Traces’ of evidence suggest that emails and accounts of certain company executives have been accessed

4. ‘Traces of identity falsification’ in a contractor of a company, whose contract was subsequently terminated

The company further said that there is currently no indication that any cash or cryptocurrency assets were lost, and it has not yet determined whether the incident will have a material effect on its financial condition.

“This is a significant event because the entire Unicoin organization lost access to their corporate Google Workspace, including corporate email, document management, and related services, for approximately four days,” said Elliott Wilkes, CTO at Advanced Cyber ​​Defense Systems.

“This means that an external actor was able to gain administrative privileges to their Google Workspace and then change all passwords for legitimate users, effectively locking them out. Presumably, only intervention by Google engineers could have driven the malicious actor out, given the overall extent of the breach to their Google Workspace.

“What’s not clear from this SEC disclosure is the nature of the breach – was an admin hit with a sophisticated and targeted spearphishing attack that led to their account being compromised? Was malware in the form of an infostealer loaded onto an admin’s device that allowed them to steal their password and gain access? And what was the nature of the attack that allowed it to bypass Multi-factor Authentication checks? It’s possible that the identity spoofing they mentioned by one of their now-terminated contractors was involved, but until more information is released, it’s only speculative.”

What is a Unicoin?

Unicoin bills itself as a next-generation cryptocurrency token, backed by an asset portfolio consisting of equity stakes in companies that are part of Unicorn Hunters, a Shark Tank-style program in which budding entrepreneurs seek investment for their big ideas.

Fans may remember that Apple founder Steve Wozniak was one of the show’s investors in the first season.

Unicoin’s pitch is that it is a more stable investment compared to ‘first-wave’ crypto tokens, whose value is notoriously volatile.

The company launched its coin on the INX.One trading platform earlier this year, and a recent email from CEO Alex Konanykhin told shareholders that the company is planning to go public soon.

To date, tokens worth over $500 million have been sold to over 7,000 investors. ®