In a recent and significant cybersecurity incident, Fortress Trust, a well-known crypto custodian based in San Francisco, faced a devastating hack that resulted in the loss of $15 million in cryptocurrency assets. This incident has sent shockwaves through the crypto industry and raised concerns about the security of digital assets held by custodians. Here’s everything you need to know about this high-profile breach.
The Breach
The details of the hack were first shared by Chinese crypto blogger and journalist Colin Wu, shedding light on the vulnerabilities exploited by the cybercriminals. The breach occurred shortly after Ripple, a giant in the blockchain industry, acquired Fortress Trust. It was made possible through the software development company Retool, as reported by thehackernews.com.
The hackers managed to compromise a total of 27 accounts on Fortress Trust, a crypto custody company responsible for safeguarding digital assets. Their success in this exploit can be attributed to a targeted SMS-based social engineering attack.
Exploiting SMS-Based Social Engineering
The hackers initiated the attack by impersonating a member of Fortress Trust’s IT team. They sent SMS messages to the recipients, posing as helpful IT personnel and providing instructions to follow a seemingly legitimate link. The pretext used was related to a payroll-related problem, a common tactic employed in phishing attacks.
Unfortunately, one staff member fell victim to this ruse and accessed a fake landing page, unknowingly sharing their login credentials. With these credentials in hand, the cybercriminals proceeded to escalate their attack.
Exploiting Google Account Cloud Synchronization
One of the key elements that made this breach possible was the hackers’ exploitation of a Google account cloud synchronization feature introduced in the spring of that year. Fortress Trust pointed out that this feature, initially designed to enhance security, actually made the breach worse and referred to it as a “dark pattern.”
Retool, the software company involved in the investigation, described this type of synchronization as a “novel attack vector.” According to Snir Kodesh, the head of engineering at Retool, the multi-factor authentication system turned into a single factor due to an update made by Google in April.
The Attack Unfolds
The critical moment in the attack came when the hackers, still posing as members of the IT team, contacted the same employee again. This time they used deepfake technology to alter their voices, further convincing the staffer of their legitimacy, and asked the victim to read out the multi-factor authentication (MFA) code.
With the MFA code in their possession, the hackers were able to add their own device to the Okta account of the victim. Subsequently, they could generate their own MFA codes, granting them access to the account.
Once inside the compromised accounts, the hackers wasted no time. They swiftly changed the email addresses associated with these accounts, along with the passwords. This ensured that the legitimate owners of the accounts would be locked out.
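The sequence just described (a new MFA device added to an account, then the email address and password changed minutes later) is exactly the kind of pattern an identity-provider audit log can surface. The following detector is an added example written for this page, not code from the article, Fortress Trust, Retool or Okta; the event names, field names, IP addresses and user baselines are all constructed for the example and do not reflect any vendor's real log schema.

```python
"""Flag the account-takeover sequence described in the article:
a new MFA factor is enrolled, then the account's email and password
are changed shortly afterwards, from an address the user has not
been seen on before."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events. Field names and event names are
# assumptions chosen for this example, not any identity provider's schema.
SAMPLE_EVENTS = [
    {"ts": "2023-08-27T09:02:10Z", "user": "alice", "event": "session.start", "ip": "203.0.113.10"},
    {"ts": "2023-08-27T09:05:31Z", "user": "alice", "event": "session.start", "ip": "198.51.100.7"},
    {"ts": "2023-08-27T09:06:02Z", "user": "alice", "event": "mfa.factor.enroll", "ip": "198.51.100.7"},
    {"ts": "2023-08-27T09:08:45Z", "user": "alice", "event": "account.update_email", "ip": "198.51.100.7"},
    {"ts": "2023-08-27T09:09:12Z", "user": "alice", "event": "account.update_password", "ip": "198.51.100.7"},
    {"ts": "2023-08-27T11:30:00Z", "user": "bob", "event": "mfa.factor.enroll", "ip": "203.0.113.22"},
    {"ts": "2023-08-29T08:00:00Z", "user": "bob", "event": "account.update_password", "ip": "203.0.113.22"},
]

# Constructed baseline of the addresses each user normally signs in from.
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.22"}}

ENROLL = "mfa.factor.enroll"
FOLLOWUPS = {"account.update_email", "account.update_password"}


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_takeover_sequences(events, known_ips, window=timedelta(minutes=30)):
    """Return one alert per MFA enrolment that is followed, within `window`,
    by an email or password change on the same account.

    Severity is "high" when the enrolment came from an address outside the
    user's baseline (the attacker's newly added device), else "medium".
    """
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        for i, ev in enumerate(evs):
            if ev["event"] != ENROLL:
                continue
            t0 = parse_ts(ev["ts"])
            # Collect the distinct lock-out actions that land inside the window.
            followups = sorted({
                later["event"] for later in evs[i + 1:]
                if later["event"] in FOLLOWUPS
                and parse_ts(later["ts"]) - t0 <= window
            })
            if not followups:
                continue
            from_unknown_ip = ev["ip"] not in known_ips.get(user, set())
            alerts.append({
                "user": user,
                "enrolled_at": ev["ts"],
                "ip": ev["ip"],
                "followups": followups,
                "severity": "high" if from_unknown_ip else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_sequences(SAMPLE_EVENTS, KNOWN_IPS):
        print(alert)
```

With the constructed data, only alice's enrolment is flagged (bob's password change comes two days after his enrolment, outside the 30-minute window), and it is rated high because the new factor was added from an address outside her baseline. In practice the window and the baseline are tuning knobs; the point is that factor enrolment followed immediately by contact-detail and password changes is a sequence worth paging on, regardless of whether each step on its own looked like legitimate self-service.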
The Aftermath: $15 Million in Losses
As a result of this well-executed attack, a staggering $15 million worth of cryptocurrency assets was lost. The swift and methodical manner in which the hackers operated left Fortress Trust and its clients reeling from the substantial financial hit.
The Culprits and Their Techniques
The attack on Fortress Trust bears a striking resemblance to the tactics employed by the hacker known as Scattered Spider, also tracked as UNC3944. This threat actor is believed to be highly skilled in phishing attacks and has gained notoriety for similar cyber exploits.
Lessons Learned
This incident serves as a stark reminder of the ever-present threat posed by cybercriminals in the crypto industry. It highlights several important lessons that both crypto custodians and individual users should take to heart:
Conclusion
The Fortress Trust hack is a stark reminder of the constant and evolving threats that the crypto industry faces. It underscores the importance of robust security measures and ongoing vigilance to protect digital assets. In a world where cryptocurrency is becoming increasingly mainstream, the security of these assets should remain a top priority for both custodians and individual users.