
Major Crypto Custodian Fortress Trust Suffers $15 Million Hack: What You Need to Know


In a recent and significant cybersecurity incident, Fortress Trust, a well-known crypto custodian based in San Francisco, faced a devastating hack that resulted in the loss of $15 million in cryptocurrency assets. This incident has sent shockwaves through the crypto industry and raised concerns about the security of digital assets held by custodians. Here’s everything you need to know about this high-profile breach.

The Breach

The details of the hack were first shared by Chinese crypto blogger and journalist Colin Wu, who shed light on the vulnerabilities the cybercriminals exploited. The breach occurred shortly after Ripple, a giant in the blockchain industry, acquired Fortress Trust. As reported by thehackernews.com, it was made possible through the software development company Retool.

The hackers managed to compromise a total of 27 accounts on Fortress Trust, a crypto custody company responsible for safeguarding digital assets. Their success in this exploit can be attributed to a targeted SMS-based social engineering attack.

Exploiting SMS-Based Social Engineering

The hackers initiated the attack by impersonating a member of Fortress Trust’s IT team. Posing as helpful IT personnel, they sent SMS messages instructing the recipients to follow a seemingly legitimate link. The pretext was a payroll-related problem, a common tactic in phishing attacks.

Unfortunately, one staff member fell victim to this ruse and accessed a fake landing page, unknowingly sharing their login credentials. With these credentials in hand, the cybercriminals proceeded to escalate their attack.

Exploiting Google Account Cloud Synchronization

One of the key elements that made this breach possible was the hackers’ exploitation of a Google account cloud synchronization feature introduced in the spring of that year. Fortress Trust pointed out that this feature, initially designed to enhance security, actually made the breach worse and referred to it as a “dark pattern.”

Retool, the software company involved in the investigation, described this type of synchronization as a “novel attack vector.” According to Snir Kodesh, the head of engineering at Retool, the multi-factor authentication system turned into a single factor due to an update made by Google in April.

The Attack Unfolds

The critical moment in the attack occurred when the hackers, posing as members of the IT team, contacted the same employee once again. This time, they employed deepfake technology to alter their voices, further convincing the staffer of their legitimacy. The attackers asked the victim to provide the multi-factor authentication (MFA) code.

With the MFA code in their possession, the hackers were able to add their own device to the Okta account of the victim. Subsequently, they could generate their own MFA codes, granting them access to the account.

Once inside the compromised accounts, the hackers wasted no time. They swiftly changed the email addresses associated with these accounts, along with the passwords. This ensured that the legitimate owners of the accounts would be locked out.
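The sequence described above (a new MFA device enrolled on an account, followed quickly by changes to its email address and password) is something a monitoring system can correlate. The following Python code is an added example, not code from Fortress Trust, Retool or Okta; the event schema, field names, device names and the 30-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed events in a simplified, hypothetical schema
# (not the log format of Okta or any other identity provider).
SAMPLE_EVENTS = [
    {"ts": "2023-09-01T09:00:00", "user": "alice", "type": "mfa_device_enrolled", "device": "alice-phone"},
    {"ts": "2023-09-01T09:05:00", "user": "alice", "type": "password_changed"},
    {"ts": "2023-09-01T14:02:00", "user": "bob", "type": "mfa_device_enrolled", "device": "unknown-7f3a"},
    {"ts": "2023-09-01T14:04:00", "user": "bob", "type": "email_changed"},
    {"ts": "2023-09-01T14:05:00", "user": "bob", "type": "password_changed"},
    {"ts": "2023-09-01T15:00:00", "user": "carol", "type": "mfa_device_enrolled", "device": "unknown-22c1"},
    {"ts": "2023-09-02T15:30:00", "user": "carol", "type": "password_changed"},
]
# Devices already registered to each user before the log window (constructed).
KNOWN_DEVICES = {"alice": {"alice-phone"}, "bob": {"bob-laptop"}, "carol": {"carol-phone"}}
LOCKOUT_ACTIONS = {"email_changed", "password_changed"}


def detect_takeovers(events, known_devices, window=timedelta(minutes=30)):
    """Return alerts for users whose newly enrolled, previously unseen MFA
    device is followed within `window` by email and/or password changes."""
    pending = {}    # user -> (enrollment time, device) for an unseen device
    followups = {}  # user -> lockout actions seen inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["type"] == "mfa_device_enrolled":
            # Enrollment of an already-known device is routine and ignored.
            if ev["device"] not in known_devices.get(user, set()):
                pending[user] = (ts, ev["device"])
                followups[user] = set()
        elif ev["type"] in LOCKOUT_ACTIONS and user in pending:
            enrolled_at, _ = pending[user]
            if ts - enrolled_at <= window:
                followups[user].add(ev["type"])
    alerts = []
    for user, (_, device) in pending.items():
        seen = followups[user]
        if seen:
            # Both email and password changed: the owner is being locked out.
            severity = "high" if seen == LOCKOUT_ACTIONS else "medium"
            alerts.append({"user": user, "device": device,
                           "actions": sorted(seen), "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in detect_takeovers(SAMPLE_EVENTS, KNOWN_DEVICES):
        print(alert)
```

On the constructed data only the account "bob" is flagged: the other two either enrolled a known device or changed a password long after the enrollment window closed.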

The Aftermath: $15 Million in Losses

As a result of this well-executed attack, a staggering $15 million worth of cryptocurrency assets was lost. The swift and methodical manner in which the hackers operated left Fortress Trust and its clients reeling from the substantial financial hit.

The Culprits and Their Techniques

The attack on Fortress Trust bears a striking resemblance to the tactics employed by a hacker known as Scattered Spider, also known as UNC3944. This individual is believed to be a highly skilled expert in phishing attacks and has garnered notoriety for similar cyber exploits.

Lessons Learned

This incident serves as a stark reminder of the ever-present threat posed by cybercriminals in the crypto industry. It highlights several important lessons that both crypto custodians and individual users should take to heart:

  1. Vigilance in SMS-Based Communications: Users and employees must exercise caution when receiving SMS messages, especially those containing links. Verifying the legitimacy of such messages before taking action is crucial.
  2. Multi-Factor Authentication (MFA) Isn’t Foolproof: While MFA is a powerful security measure, it can be compromised if attackers gain access to the authentication code. Employers and individuals should consider additional security measures to protect their accounts.
  3. Ongoing Security Training: Regular and updated security training for employees can help them recognize phishing attempts and social engineering tactics.
  4. Monitoring and Alert Systems: Crypto custodians should invest in advanced monitoring and alert systems to detect suspicious activities and respond swiftly to potential breaches.
  5. Incident Response Planning: Having a well-defined incident response plan in place can minimize the impact of a breach and improve recovery efforts.

Conclusion

The Fortress Trust hack is a stark reminder of the constant and evolving threats that the crypto industry faces. It underscores the importance of robust security measures and ongoing vigilance to protect digital assets. In a world where cryptocurrency is becoming increasingly mainstream, the security of these assets should remain a top priority for both custodians and individual users.


Steven Anderson

