Phishing attack on cloud provider with Fortune 500 customers led to theft of $15 million in cryptocurrency from Fortress Trust

When Fortress Trust last week disclosed the theft of its customers' cryptocurrencies (later revealed to total nearly $15 million), the company shifted the blame to an unnamed third-party vendor.


CoinDesk has identified the vendor, which has admitted that it was the victim of a phishing attack. But the story may be more complicated than just one party's failure.


The vendor is Retool, a San Francisco-based company with Fortune 500 customers that has built a portal through which a small number of Fortress customers can access their funds, the people said.
They said the theft that led Fortress to agree to sell itself to blockchain technology company Ripple occurred as a result of a phishing attack.


When asked for comment, Retool referred CoinDesk to a blog post published Wednesday describing how it informed 27 customers on August 29 that their "accounts had been compromised" as a result of a phishing attack, without naming Fortress.


The attackers targeted a “specific group of customers,” all of whom were involved in the cryptocurrency business. However, Retool said that customers who configured their software in a way that "prompts" consideration ("when security is important") will not be affected, and that the vast majority of crypto customers use the product that way.


"We are pleased that not a single on-premises Retool customer was affected. Retool on-premises operates in a 'zero trust' environment and does not trust the Retool cloud," the blog post states. "It's completely self-contained and doesn't load anything from the cloud environment. This means that even if an attacker had access to the Retool cloud, there was nothing they could do to impact on-premises customers. It is particularly noteworthy that the majority of our crypto and large-scale customers use Retool on-premises."


Despite the customer being cleared, Fortress' customer theft became a hot topic on crypto Twitter this week, with industry leaders blaming each other and several prominent companies implicated in the incident. However, Retool's role in this incident had not been previously reported.


Cryptocurrency vulnerabilities


This situation highlights the challenges faced by the crypto market and its evolution along with the traditional financial industry. There are many potential points of vulnerability, and problems often arise because of an unexpected flaw somewhere in the system.


While $15 million is not insignificant, it is a relatively small portion of the billions of dollars in assets that Fortress manages. To help Fortress get its customers back on track, Ripple has made a $15 million "down payment" on its yet-to-be-completed acquisition of the Nevada-based trust company, a person with direct knowledge of the situation said. The person said the payment was a small portion of the total purchase price.


A Ripple spokesperson said that while Fortress covered most of the affected customers, Ripple "intervened to make the remaining customers whole" and within a week all customers were covered.


M&A negotiations 'accelerated' due to theft


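Fortress disclosed the security incident in a September 7 tweet but did not identify the "third-party vendor" whose cloud tools it said had been compromised. The Nevada trust company said at the time that there was "no loss of funds."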


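The next day, Ripple, which was already a minority investor in Fortress, announced that it had signed a letter of intent to acquire the custodian outright.
A Ripple spokesperson told CoinDesk in a statement on Monday that the two companies were already in acquisition talks when the theft occurred, but that the incident accelerated those talks.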


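"Conversations accelerated last week following a security incident involving a third-party analytics vendor, but this opportunity makes sense for Ripple in the long term," the statement said. "Fortunately, Ripple was in a position to act quickly to make customers whole, and there was no breach of Fortress' technology or systems."
Fortune reported earlier Wednesday, citing Fortress co-founder and Chief Executive Officer (CEO) Scott Purcell, that the size of the theft was in the range of $12 million to $15 million.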


BitGo, Fireblocks, Swan


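According to the three companies, Fortress used wallets provided by Fireblocks and BitGo, neither of which was itself compromised.
"This breach occurred outside of Fireblocks' platform," the company, known for its use of multi-party computation tools, told CoinDesk in a statement. "The impact on customer funds was significantly limited, and customer funds were quickly recovered."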