The third party blamed for a security failure that allowed a phishing attack to steal $15 million in crypto from Fortress Trust has been named by CoinDesk as Retool, a software development firm with multiple Fortune 500 clients.
On September 7, Fortress announced that cloud software provided by a third party had been “compromised” while failing to mention the firm responsible by name. It also claimed there was “no loss of funds.”
Yesterday evening, CoinDesk reported, citing unnamed sources familiar with the situation, that the firm was Retool. The San Francisco firm provides an online portal for Fortress customers that allows them to access their funds.
In response to CoinDesk, Retool acknowledged it had been the victim of a phishing attack. In a blog post published yesterday, it claimed that 27 cloud customers had experienced unauthorized access to their accounts. Retool, however, failed to mention Fortress in the post.
Retool detailed how one employee was tricked into giving up their multi-factor authentication codes to a hacker. The hacker used a deepfake voice of an employee the victim knew and knowledge of the office layout and staff announcements to convince them to click on the malicious link.
Luckily for the affected Fortress customers, crypto firm Ripple placed a $15 million down payment as part of acquisition talks with Fortress that would in turn reimburse customers affected by the attack.
“Conversations accelerated last week following the security incident via a third-party analytics vendor, but this opportunity makes sense for Ripple in the long term,” Ripple said on Monday.
According to a Ripple spokesperson, Fortress covered the majority of affected customer funds but Ripple “stepped in to make the rest of those customers whole.”
BitGo and Fire Wallets, who are both integrated with Fortress, deny any breach in their services. In addition, Swan Bitcoin, a brokerage firm associated with Fortress and BitGo, said its crypto had not been moved.
In a statement to Protos, the founder of Fortress Trust said that “NO CUSTOMERS HAVE LOST ANY ASSETS,” in the sense that the assets were hacked, but that Fortress Trust “instantly used [its] balance sheet to cover most of the customers in whole and by Tuesday,” with the help of Ripple.