- Fortress Trust's recent $15 million crypto theft has a new development: the previously unnamed third party has provided details of the phishing attack.
- Retool, a cloud provider to Fortune 500 companies, has disclosed the phishing attack on its platform and described a Google security feature as insecure.
Retool Discloses Details of Phishing Attack that Led to Fortress Trust's $15 Million Crypto Theft
Last week, Fortress Trust, a blockchain financial institution, disclosed that a phishing attack on a third-party app integrated into its platform had a minor impact on the platform.
Fortress also stated that it has terminated the third-party vendor’s integration on its platform as a cautionary measure.
However, the blockchain financial institution did not reveal the third-party vendor’s name, nor was the crypto theft mentioned, leaving users in the dark about who was responsible.
A day after the situation was disclosed on X, Ripple signed a letter of intent to acquire Fortress Trust. Although Ripple had been in takeover talks with the blockchain platform before the breach, Coindesk reported that the incident accelerated the sale.
“Acquiring Fortress Trust affords us a lot of optionality to both improve the current customer experience in our existing products and explore new, complementary products—all in service of becoming the one-stop shop for enterprises looking to convert, store, and move value on blockchain around the world,” Ripple stated in a post on X.
The unnamed third-party vendor that Fortress Trust said was responsible for the cryptocurrency theft was Retool, a San Francisco-based cloud service provider.
On Sept. 13, Retool, a cloud tools service provider with Fortune 500 clients, disclosed the phishing attack on its platform in a lengthy article.
Retool revealed that 27 customers were affected by the phishing attack, which targeted crypto customers only.
The cloud service provider said its security was briefly compromised after the attacker obtained an employee's multi-factor authentication (MFA) codes.
“Getting access to this employee’s Google account, therefore, gave the attacker access to all their MFA codes. With these codes (and the Okta session), the attacker gained access to our VPN and, crucially, our internal admin systems. This allowed them to run an account takeover attack on a specific set of customers (all in the crypto industry). (They changed emails for users and reset passwords.) After taking over their accounts, the attacker poked around some of the Retool apps,” the blog post said.
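The takeover pattern Retool describes, changing a user's email and then resetting the password from an internal admin system, is something an audit log can surface. The following is an added detection example written for this article, not Retool's code; the log line format ("timestamp actor event user=<id>") and the sample lines are constructed, and the ten-minute window and bulk threshold are assumptions a defender would tune to their own environment.

```python
from datetime import datetime, timedelta

# Constructed admin audit-log sample (assumed format, not a real Retool log):
#   <ISO-8601 timestamp> <admin actor> <event> user=<customer id>
SAMPLE_LOG = """\
2023-08-27T15:02:11Z admin_alice email_changed user=cust_1
2023-08-27T15:02:40Z admin_alice password_reset user=cust_1
2023-08-27T15:03:05Z admin_alice email_changed user=cust_2
2023-08-27T15:03:30Z admin_alice password_reset user=cust_2
2023-08-27T16:10:00Z admin_bob email_changed user=cust_3
2023-08-27T17:45:00Z admin_bob password_reset user=cust_3
2023-08-27T18:00:00Z support_carol password_reset user=cust_4
"""


def parse_line(line):
    """Parse one constructed audit line into a dict with a datetime timestamp."""
    ts, actor, event, user_field = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "actor": actor,
        "event": event,
        "user": user_field.split("=", 1)[1],
    }


def find_takeover_candidates(log_text, window=timedelta(minutes=10)):
    """Return (actor, user, seconds) for every account whose email change was
    followed by a password reset performed by the same admin actor within
    `window`. A legitimate support workflow rarely does both back to back."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    pending = {}  # (actor, user) -> time of the most recent email_changed
    hits = []
    for e in events:
        key = (e["actor"], e["user"])
        if e["event"] == "email_changed":
            pending[key] = e["ts"]
        elif e["event"] == "password_reset" and key in pending:
            delta = e["ts"] - pending.pop(key)
            if delta <= window:
                hits.append((e["actor"], e["user"], int(delta.total_seconds())))
    return hits


def actors_with_bulk_takeovers(hits, threshold=2):
    """Admin actors that ran the takeover pattern against at least `threshold`
    distinct users; one compromised admin session touching many accounts is
    the signal worth paging on."""
    per_actor = {}
    for actor, user, _ in hits:
        per_actor.setdefault(actor, set()).add(user)
    return sorted(a for a, users in per_actor.items() if len(users) >= threshold)


if __name__ == "__main__":
    candidates = find_takeover_candidates(SAMPLE_LOG)
    for actor, user, secs in candidates:
        print(f"{actor} changed email then reset password for {user} within {secs}s")
    print("bulk actors:", actors_with_bulk_takeovers(candidates))
```

On the constructed sample, admin_alice hits the pattern on two accounts within seconds and is flagged as a bulk actor, admin_bob's reset comes 95 minutes after the email change and falls outside the window, and support_carol's lone reset has no preceding email change. In practice the same logic would run against the admin system's real audit stream, with the window and threshold tuned against the organisation's normal support activity.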
While the blog post gave a detailed account of the phishing attack, it did not refer to any of the affected clients directly, not even Fortress Trust.
Retool blamed Google's recently released authenticator synchronization feature, which Hacker News has labeled insecure.
Retool emphasized that only a small fraction of its customers were affected by the attack, and that customers who had configured the software to the recommended security level were unaffected.
“We’re glad that not a single on-premise Retool customer was affected. Retool on-prem operates in a ‘zero trust’ environment and doesn’t trust Retool cloud. It is fully self-contained and loads nothing from the cloud environment. This meant that although an attacker had access to Retool cloud, there was nothing they could do to affect on-premise customers. It’s worth noting that the vast majority of our crypto and larger customers in particular use Retool on-premise,” the blog post said.