Home > Crypto Theft from Fortress Trust Linked to Phishing Attack on Cloud Vendor

Crypto Theft from Fortress Trust Linked to Phishing Attack on Cloud Vendor

by Blockchaincubes

In a recent revelation, Fortress Trust disclosed a cryptocurrency theft amounting to nearly $15 million, unraveling a complex scenario involving a third-party vendor and a phishing attack. Here’s what we know:

The third-party vendor involved has been identified as Retool, a reputable San Francisco-based firm catering to Fortune 500 clients. Retool was responsible for constructing a portal enabling multiple Fortress clients to manage their cryptocurrency holdings.

This theft, attributed to a phishing attack, prompted Fortress to expedite its discussions with Ripple, a blockchain technology company, regarding its acquisition. Although Retool confirmed falling victim to a phishing attack affecting 27 of its customers, the company did not directly reference Fortress in its statement.

 

Specifically Targeted Attack

The phishing attack was directed at a particular group of crypto-oriented customers. However, those who had configured Retool’s software according to the company’s recommendations remained unaffected.

While $15 million is a substantial sum, it represents only a small fraction of Fortress’s total assets under management, which amount to billions of dollars. In response, Ripple made a $15 million down payment to assist Fortress in reimbursing affected customers, as part of their ongoing acquisition agreement.

Fortress initially provided coverage for most affected customers, with Ripple stepping in to ensure that all customers, particularly a major one, were made whole within a week. The security breach was first disclosed by Fortress on September 7, without naming the compromised third-party vendor. Ripple, a minority investor in Fortress, announced its intention to acquire the custodian the following day, citing the incident as a catalyst for the expedited takeover talks.

 

Wallet Providers BitGo and Fireblocks Not Breached

BitGo and Fireblocks, the wallet providers utilized by Fortress, clarified that their systems remained uncompromised. BitGo’s CEO, Mike Belshe, emphasized that his company was not involved in the breach and criticized Fortress’s handling of the situation, citing delayed disclosure of details. Fortress CEO Scott Purcell countered Belshe’s claims, stating that he was kept informed of all events related to the security breach from the moment they occurred.

The Nevada Financial Institutions Division, responsible for overseeing Fortress, was notified of the incident on September 1, according to a spokesperson from the agency.

Investing is speculative, and there is a risk of losing your capital when engaging in financial instruments. This website is not intended for use in jurisdictions where the described trading or mentioned investments are prohibited. The use of this website should only be undertaken by individuals and in compliance with applicable laws. Your residential region or country may not provide adequate investor protection for your investments. Therefore, we strongly recommend conducting thorough due diligence on your own. While this website is accessible free of charge, we may receive commissions from the companies mentioned on the website.

Copyright @2023 | All Rights Reserved | Blockchaincubes.com