Phishing attack results in Fortress Trust losing $15 million worth of cryptocurrencies.
Author: Nikhilesh De, Marc Hochstein, Ian Allison, CoinDesk; Translator: Song Xue, LianGuai
When Fortress Trust disclosed last week that its clients’ cryptocurrencies had been stolen (later revealed to be close to $15 million), it blamed an unnamed third-party vendor.
CoinDesk has confirmed the identity of the vendor, who also admitted to being a victim of a phishing attack. But things may be more complicated.
Insiders said the vendor is Retool, a San Francisco-based company with Fortune 500 clients that built a portal for a few Fortress clients to access funds.
They said the theft was the result of a phishing attack, and that it prompted Fortress to agree to be sold to blockchain tech company Ripple.
When asked for comment, Retool directed CoinDesk to a blog post from Wednesday that detailed how the company, without naming Fortress, informed 27 clients on Aug. 29 that their accounts had been “accessed without authorization” due to a phishing attack.
The attackers targeted “a specific set of clients,” all of whom were involved in cryptocurrency, Retool said. However, the majority of its cryptocurrency clients, who have configured the software the way Retool “encouraged” them to (“if security is important”), were unaffected.
“We’re happy to say that none of our on-prem customers were impacted. Retool on-prem runs in a ‘zero-trust’ environment and doesn’t trust Retool Cloud,” the blog post said. “It’s completely isolated and doesn’t load any content from the cloud. This means that while the attackers could access Retool Cloud, they couldn’t take any actions that would affect on-prem customers. It’s worth noting that most of our cryptocurrency clients and large customers use Retool on-prem.”
Although clients have been compensated, the theft from Fortress clients has remained a topic of discussion on Crypto Twitter this week, with industry leaders blaming each other and several notable companies being drawn into the incident. But Retool’s role in the incident had not been reported previously.
Crypto Vulnerability
This situation highlights challenges faced by the cryptocurrency market and its development, similar to those faced by traditional finance: there are many potential vulnerabilities, and problems often arise due to unexpected flaws in the system.
While $15 million is not a small amount, it represents a relatively small proportion of the billions of dollars in assets managed by Fortress. A person familiar with the matter said that to help protect client interests, Ripple paid a $15 million “down payment” for the acquisition of this Nevada-based trust company, which is still pending. The person said this payment represents only a small portion of the total purchase price.
A spokesperson for Ripple said that Fortress covered most of the affected customers, but Ripple “intervened to compensate the remaining customers,” and all customers were covered within a week.
The theft “accelerated” the M&A negotiations
Fortress disclosed this security incident in a tweet on September 7, but did not reveal the identity of the “third-party supplier” whose cloud tools were compromised. The Nevada-based trust company stated at the time that there was “no financial loss.”
The next day, Ripple, which had already been a minority investor in Fortress, announced that it had signed a letter of intent to acquire the custodian outright.
A spokesperson for Ripple told CoinDesk in a statement on Monday that at the time of the theft, the two companies were already in acquisition negotiations, but this incident accelerated the negotiations.
The statement said, “Last week, after the security incident with the third-party analytics provider, the discussions accelerated, but in the long run, this opportunity makes sense for Ripple.” “Fortunately, Ripple was able to take prompt action to intervene and cover all customers, and there were no vulnerabilities in Fortress technology or systems.”
Fortune quoted Scott Purcell, co-founder and CEO of Fortress, as saying earlier on Wednesday that the scale of the theft was between $12 million and $15 million.
BitGo, Fireblocks, Swan
According to these three companies, Fortress uses wallets provided by Fireblocks and BitGo, neither of which was compromised.
Fireblocks, which is known for its use of multi-party computation tools, said in a statement, “This leak occurred outside the Fireblocks platform. Due to Fireblocks’ key management system, authorization, and policy engine, the impact on customer funds was extremely limited, and customer funds were recovered in a timely manner.”
BitGo CEO Mike Belshe criticized the way Fortress handled the matter in a tweet, emphasizing that this leak had nothing to do with his company. (Fortress co-founder, CTO, and CPO Kevin Lehtiniitty responded to these criticisms in his own tweet.)
Swan Bitcoin, a brokerage firm that uses BitGo wallets provided by Fortress to store customer funds, stated in a tweet that the tokens stored there “did not change during the events at Fortress.” “These tokens are protected by video calls and physical access and will not be affected by any events at Fortress.”
A spokesperson for the Nevada Department of Financial Institutions said that the department is the state regulatory agency responsible for overseeing Fortress, and it was notified of this incident on September 1.