Yesterday, 6th August 2017 at 18:30 Hrs we were informed of some small unauthorised transaction(s) happening from few of our user wallets. At a moment’s notice, we looked into the matter and stopped all pending transactions and blocked access to our website. We have investigated and this does not a look to be a server compromise.
Due to our security protocol, just after a few transactions our server identified the pattern and stopped the subsequent transactions by marking it as pending. We are now working on cancelling the pending transactions to users. Unocoin has taken the responsibility to refund the few transactions that happened to get processed.
We will soon enable user Logins shortly. The Send feature will be enabled once our security experts feel that it is perfectly safe to do so.
Rest assured, we are working round the clock to fix the issue and resume to normalcy.
Co-Founder and CEO, Unocoin
[Update (11th Aug 2017) : We identified that our error logging configuration was logging the error messages including the access token that eventually was getting stored in an external device but with wrong permissions on it and this was used to create unauthorized transactions. Now, we have cancelled all the transactions. We have fixed the issue and have returned to operations.]