In a recent revelation, Fortress Trust disclosed a cryptocurrency theft amounting to nearly $15 million, unraveling a complex scenario involving a third-party vendor and a phishing attack. Here’s what we know:
The third-party vendor involved has been identified as Retool, a reputable San Francisco-based firm catering to Fortune 500 clients. Retool was responsible for constructing a portal enabling multiple Fortress clients to manage their cryptocurrency holdings.
This theft, attributed to a phishing attack, prompted Fortress to expedite discussions about its acquisition by Ripple, a blockchain technology company. Although Retool confirmed falling victim to a phishing attack affecting 27 of its customers, the company did not directly reference Fortress in its statement.
Specifically Targeted Attack
The phishing attack was directed at a particular group of crypto-oriented customers. However, those who had configured Retool’s software according to the company’s recommendations remained unaffected.
While $15 million is a substantial sum, it represents only a small fraction of Fortress’s total assets under management, which amount to billions of dollars. In response, Ripple made a $15 million down payment to assist Fortress in reimbursing affected customers, as part of their ongoing acquisition agreement.
Fortress initially provided coverage for most affected customers, with Ripple stepping in to ensure that all customers, particularly a major one, were made whole within a week. The security breach was first disclosed by Fortress on September 7, without naming the compromised third-party vendor. Ripple, a minority investor in Fortress, announced its intention to acquire the custodian the following day, citing the incident as a catalyst for the expedited takeover talks.
Wallet Providers BitGo and Fireblocks Not Breached
BitGo and Fireblocks, the wallet providers utilized by Fortress, clarified that their systems remained uncompromised. BitGo’s CEO, Mike Belshe, emphasized that his company was not involved in the breach and criticized Fortress’s handling of the situation, citing delayed disclosure of details. Fortress CEO Scott Purcell countered Belshe’s claims, stating that Belshe was kept informed of all events related to the security breach from the moment they occurred.
The Nevada Financial Institutions Division, responsible for overseeing Fortress, was notified of the incident on September 1, according to a spokesperson from the agency.