Connect with us

Hi, what are you looking for?


Crypto Theft from Fortress Trust Traced Back to Phishing Attack on Cloud Vendor

Fortress Trust’s recent disclosure of a cryptocurrency theft totaling nearly $15 million has shed light on a complex situation involving a third-party vendor and a phishing attack.

The vendor has now been identified as ReTool, a reputable San Francisco-based company serving Fortune 500 clients. Retool constructed the portal that allowed several Fortress clients to manage their cryptocurrency funds.

The theft, attributed to a phishing attack, prompted Fortress to speed up discussions with blockchain tech firm Ripple for its . Retool has confirmed that it fell victim to a phishing attack affecting 27 of its customers, but didn’t directly reference Fortress in its .

The attack targeted a specific group of crypto-oriented customers, but those who configured Retool’s software as recommended by the company remained unaffected.

“Although an attacker had access to Retool cloud, there was nothing they could do to affect on-premise customers,” emphasized Retool. “It’s worth noting that the vast majority of our crypto and larger customers in particular use Retool on-premise.”

Although $15 million is a substantial sum, it represents a small fraction of Fortress’s overall assets under management, which total billions of dollars. has made a $15 million down payment to help Fortress reimburse affected customers, as part of their ongoing acquisition deal.

The Timeline

According to a Ripple spokesperson, Fortress initially covered most affected customers, and Ripple stepped in to ensure all customers – particularly one large customer – were made whole within a week.

Fortress initially disclosed the security breach on September 7, without naming the compromised third-party vendor. Ripple, which had already been a minority investor in Fortress, announced its intent to acquire the custodian the following day. The incident expedited the takeover talks, according to Ripple, as they swiftly acted to ensure customer protection.

BitGo and Fireblocks, the wallet providers used by Fortress, clarified that their systems were not breached. BitGo’s CEO Mike Belshe emphasized that their company was not involved in the breach and criticized Fortress’s handling of the situation, as they did not immediately disclose all details.

Fortress CEO Scott Purcell claimed that Belshe was informed of all events regarding the security breach from the moment they had occurred.

Swan Bitcoin, a brokerage firm utilizing Fortress’ BitGo wallets for client funds, that the coins stored in those wallets remained secure throughout the incident.

The Nevada Financial Institutions Division, responsible for overseeing Fortress, was informed of the incident on September 1, according to an agency spokesperson.

This post appeared first on

You May Also Like

Editor's Pick

Real gross domestic product rose at a revised 3.2 percent annualized rate in the third quarter versus a 0.6 percent rate of decline in...

Editor's Pick

In Risky Business: Why Insurance Markets Fail and What to Do About It (Yale University Press, 2023), economists Liran Einav (Stanford), Amy Finkelstein (MIT),...

Editor's Pick

After the final lecture of my Fall 2022 International Economic Policy course (an undergraduate offering meant to introduce non-economics majors to the economics of...

Editor's Pick

For years the North Korean playbook was obvious to the world. The Democratic People’s Republic of Korea wanted to be the center of attention....

Disclaimer:, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2023