BlockNews.com
  • Crypto
  • NFT
  • Metaverse
  • DeFi
  • Business
  • Technology
  • Opinion
  • Guides
No Result
View All Result
FOLLOW
BlockNews.com
  • Crypto
  • NFT
  • Metaverse
  • DeFi
  • Business
  • Technology
  • Opinion
  • Guides
No Result
View All Result
BlockNews.com
No Result
View All Result

Phishing Attack on Cloud Provider, ReTool, Led to $15 Million Crypto Theft from Fortress Trust

BlockNews Team by BlockNews Team
September 15, 2023
in Crypto, Media, Technology
Retool Hack
Share on TwitterShare on Reddit
  • Fortress Trust’s recent crypto theft worth $15 million has a new update, as the unrevealed third party provides details of the phishing attack.
  • Retool, a Cloud provider to Fortune 500 companies, has disclosed the phishing attack on the platform, citing Google’s security feature as insecure.

Retool Disclose Details of Phishing Attack that Led to Fortress Trusts’ $15 Million Crypto Theft

Last week, Fortress Trust, a blockchain financial institution, revealed a minor impact on the platform after a phishing attack was made on a third-party app integrated into its platform.

Fortress also stated that it has terminated the third-party vendor’s integration on its platform as a cautionary measure.

However, the blockchain financial institution did not reveal the third-party vendor’s name, nor was the crypto theft mentioned, leaving users in the dark about who was responsible.

A day after the situation was disclosed on X, Ripple signed a letter of intent to acquire Fortress Trust. Although Ripple had been in takeover talks with the blockchain platform before the breach, Coindesk reported that the incident accelerated the sale.

“Acquiring Fortress Trust affords us a lot of optionality to both improve the current customer experience in our existing products and explore new, complementary products—all in service of becoming the one-stop shop for enterprises looking to convert, store, and move value on blockchain around the world,” Ripple stated in a post on X.

The unnamed third-party vendor whom Fortress Trust claimed was responsible for the cryptocurrency theft was Retool, a San Francisco-based cloud service provider.

On Sept. 13, Retool, a cloud tools service provider with Fortune 500 clients, disclosed the phishing attack on its platform in a lengthy article.

Retool revealed that 27 consumers were affected by the phishing attack, which focused on crypto customers only.

The cloud service provider claimed that its security became vulnerable briefly after the attacker accessed its multi-factor authentication code (MFA) through an employee.

“Getting access to this employee’s Google account, therefore, gave the attacker access to all their MFA codes. With these codes (and the Okta session), the attacker gained access to our VPN and, crucially, our internal admin systems. This allowed them to run an account takeover attack on a specific set of customers (all in the crypto industry). (They changed emails for users and reset passwords.) After taking over their accounts, the attacker poked around some of the Retool apps,” the blog post said.

While the blog post gave a detailed account of the phishing attack, it did not refer to any of the affected clients directly, not even Fortress Trust.

Retool accorded blame to Google’s recently released authenticator synchronization feature, a feature labeled as insecure by Hacker News.

Retool emphasized that merely a tiny fraction of its customers were affected by the attack, leaving other clients who configured the software to the recommended level of security unaffected.

“We’re glad that not a single on-premise Retool customer was affected. Retool on-prem operates in a ‘zero trust’ environment and doesn’t trust Retool cloud. It is fully self-contained and loads nothing from the cloud environment. This meant that although an attacker had access to Retool cloud, there was nothing they could do to affect on-premise customers. It’s worth noting that the vast majority of our crypto and larger customers in particular use Retool on-premise,” the blog post said.

Tags: Fortress TrustReTool
TweetShareShare

DON'T MISS THESE! HOT OFF THE PRESS

bitcoin(s)
Crypto

US Lawmakers Call On SEC Chair To Approve Spot Bitcoin ETFs ‘Immediately’

September 30, 2023
Uniswap-logo
Business

Uniswap Seeks Funding Approval to Bolster Development and Research Initiatives

September 30, 2023
Ripple Logo on Phone
Business

Ripple Retracts Fortress Trust Acquisition, Keeps Future Collaborations Open

September 30, 2023
Eth logo
Crypto

Ethereum Futures ETFs Could Start Trading Next Week — Bloomberg Analyst

September 30, 2023
Paysafe logo on Billboard
Business

Binance Loses Key European Banking Partner Paysafe, Urges Shift to USDT

September 30, 2023
Around the Block
Crypto

Around The Block: Sept 29 Week in News

September 30, 2023
Load More
Next Post
Remitano

Remitano Crypto Exchange Falls Victim to $2.7 Million Hack

Binance

Binance.US Faces Executive Exodus Amid Ongoing Legal Troubles

Deutsche Bank

Deutsche Bank Joins Forces with Taurus for Crypto Custody and Tokenization Services

Related News

sec seal

‘War On Crypto’: Newly Filed Letters Lambast Proposed SEC Custody Rules

May 11, 2023
Blockchain

Unveiling Vulnerabilities in Cross-Chain Bridges: Lessons from the Poly Network Exploit

July 4, 2023
binance

Binance Brazil Under Fire As Brazil SEC Investigates The Firm For Offering Derivatives To Clients Despite Government Stop Order

April 24, 2023

Browse by Category

  • Breaking News
  • Business
  • Crypto
  • DeFi
  • Featured
  • Finance
  • Gaming
  • Guides
  • Investing
  • Media
  • Metaverse
  • NFT
  • Opinion
  • Politics
  • Social
  • Technology
  • Uncategorized
Discord Twitter Instagram TikTok
BlockNews.com

BlockNews.com brings you the most important Crypto and NFT news in the space.

CATEGORIES

  • Breaking News
  • Business
  • Crypto
  • DeFi
  • Featured
  • Finance
  • Gaming
  • Guides
  • Investing
  • Media
  • Metaverse
  • NFT
  • Opinion
  • Politics
  • Social
  • Technology
  • Uncategorized

RECENT POSTS

  • US Lawmakers Call On SEC Chair To Approve Spot Bitcoin ETFs ‘Immediately’ September 30, 2023
  • Uniswap Seeks Funding Approval to Bolster Development and Research Initiatives September 30, 2023
  • Ripple Retracts Fortress Trust Acquisition, Keeps Future Collaborations Open September 30, 2023

© 2022-2023 BlockNews.com - Crypto and NFT news website by JRNY Club.

No Result
View All Result
  • Home
  • Crypto
  • NFT
  • Metaverse
  • DeFi
  • Business
  • Technology
  • Opinion
  • Guides

© 2022-2023 BlockNews.com - Crypto and NFT news website by JRNY Club.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?