A domain name used by New York-based payment and e-commerce company Treasure Global Inc. has been hijacked and redirects to a page with a menacing full-screen message claiming the system has been “HACKED.”

The screen, which mimics ransomware attacks, shows a ticking clock and warns, “Sorry for the inconvenience,” in white text above a stylized figure in a fedora. The image appears to be a prank template hosted on a third-party domain, but its presence on one of Treasure Global’s own domains suggests a serious breach.
‍

Treasure Global, which operates the ZCITY platform through the domains zcity.io and treasuregroup.co, claims to have lost control of its Namecheap account May 2025. Company operations have since been disrupted. The ZCITY app, company email addresses, and other digital infrastructure linked to the domains have reportedly gone dark.

Related: How can ransomware be delivered?

According to public records and legal filings, the company has been unable to regain access despite submitting proof of ownership to its domain registrar, Namecheap, an Arizona-based company founded in 2000 by Richard Kirkendall.  

An unknown hacker, identified only as “John Doe 1” in court documents, allegedly took control of the company’s Namecheap account due to a security breach at Namecheap. The attacker is believed to have changed the password and locked out Treasure Global, cutting off access to its core services and online presence.

“If true, this type of attack can be extremely dangerous,” said ThreatLocker Special Projects Engineer Kieran Human. “An attacker gaining full control over a domain can cause serious harm to both the victim organization and anyone visiting the site. They could redirect the domain to a fake page designed to steal sensitive information.”

Namecheap, a major domain registrar, has allegedly refused to intervene without a court order. Treasure Global filed a lawsuit this week, Treasure Global Inc. v. Namecheap Inc. and John Doe 1, claiming that Namecheap was negligent in allowing the breach and has aided and abetted the continued loss of its property by refusing to return control of the domains.

The federal complaint, filed July 15 in United States District Court for the District of Arizona, accuses the unidentified hacker of violating the Computer Fraud and Abuse Act and the federal cyberpiracy statute. The filing also states that Treasure Global has suffered extensive financial and reputational harm since the breach.

Treasure Global is seeking a court order to compel Namecheap and the hacker to return its domains, along with monetary damages and attorneys’ fees.

‍