Crypto Theft from Fortress Trust Traced Back to Phishing Attack on Cloud Vendor
Fortress Trust's recent disclosure of a cryptocurrency theft totaling nearly $15 million has shed light on a complex situation involving a third-party vendor and a phishing attack.
The vendor has now been identified as ReTool, a reputable San Francisco-based company serving Fortune 500 clients. Retool constructed the portal that allowed several Fortress clients to manage their cryptocurrency funds.
The theft, attributed to a phishing attack, prompted Fortress to speed up discussions with blockchain tech firm Ripple for its acquisition. Retool has confirmed that it fell victim to a phishing attack affecting 27 of its customers, but didn't directly reference Fortress in its statement.
The attack targeted a specific group of crypto-oriented customers, but those who configured Retool's software as recommended by the company remained unaffected.
“Although an attacker had access to Retool cloud, there was nothing they could do to affect on-premise customers,” emphasized Retool. “It’s worth noting that the vast majority of our crypto and larger customers in particular use Retool on-premise.”
Although $15 million is a substantial sum, it represents a small fraction of Fortress's overall assets under management, which total billions of dollars. Ripple has made a $15 million down payment to help Fortress reimburse affected customers, as part of their ongoing acquisition deal.
According to a Ripple spokesperson, Fortress initially covered most affected customers, and Ripple stepped in to ensure all customers – particularly one large customer – were made whole within a week.
Fortress initially disclosed the security breach on September 7, without naming the compromised third-party vendor. Ripple, which had already been a minority investor in Fortress, announced its intent to acquire the custodian the following day. The incident expedited the takeover talks, according to Ripple, as they swiftly acted to ensure customer protection.
BitGo and Fireblocks, the wallet providers used by Fortress, clarified that their systems were not breached. BitGo's CEO Mike Belshe emphasized that their company was not involved in the breach and criticized Fortress's handling of the situation, as they did not immediately disclose all details.
Fortress CEO Scott Purcell claimed that Belshe was informed of all events regarding the security breach from the moment they had occurred.
Swan Bitcoin, a brokerage firm utilizing Fortress' BitGo wallets for client funds, confirmed that the coins stored in those wallets remained secure throughout the incident.
The Nevada Financial Institutions Division, responsible for overseeing Fortress, was informed of the incident on September 1, according to an agency spokesperson.