Crypto Theft from Fortress Trust Traced Back to Phishing Attack on Cloud Vendor Fortress Trust's recent disclosure
of a cryptocurrency theft totaling nearly $15 million has shed light on a complex situation involving a third-party vendor and a phishing attack.
The vendor has now been identified
as ReTool, a reputable San Francisco-based company serving Fortune
500 clients. Retool constructed the portal that allowed several Fortress
clients to manage their cryptocurrency funds.
The theft, attributed to a phishing attack,
prompted Fortress to speed up discussions with blockchain tech firm Ripple for its acquisition. Retool has confirmed that it fell victim to a phishing attack affecting
27 of its customers, but didn't directly reference Fortress in its statement.
The attack
targeted a specific group of crypto-oriented customers, but those who configured Retool's software as recommended
by the company remained unaffected.
“Although an attacker had access to Retool cloud, there was nothing they could do to affect on-premise customers,” emphasized Retool.
“It’s worth noting that the vast majority of our crypto and larger customers in particular use Retool on-premise.”
Although $15 million is a substantial sum, it represents a small fraction of Fortress's overall assets under management
, which total billions of dollars.
Ripple has made a $15 million down payment to help Fortress reimburse affected customers
, as part of their ongoing acquisition deal.
