Sep 14, 2023

Fortress Trust pointed to an unnamed third-party vendor for a $15 million theft of customers’ cryptocurrency last week. CoinDesk has identified that vendor as Retool, a San Francisco-based company with Fortune 500 customers. CoinDesk's global policy and regulation managing editor Nikhilesh De breaks down the phishing attack developments and how other crypto companies reacted to the incident.

Video transcript

Fortress Trust disclosed the theft of customers' cryptocurrency last week and blamed the loss of $15 million on an unnamed third-party vendor that is now identified by CoinDesk. Joining us now to discuss this, CoinDesk global policy and regulation managing editor Nik De, who is also the editor of the all-important CoinDesk State of Crypto newsletter. Morning, Nik. Happy Thursday.

Hey, good morning.

OK. So who's this third-party vendor? And how did CoinDesk sleuths find out who it is?

Well, to answer the second question, you know, uh, we've been looking into this basically all week. Um, obviously the news of the acquisition of Fortress and the fact that Fortress had reportedly been breached were big topics on crypto Twitter over the last couple of days. And, uh, you know, we were doing our thing. So there was a group of us at CoinDesk, just, I guess, you know, maybe we can talk about, like, standard journalism practices, but reaching out to parties that might know something or that are otherwise involved, trying to get their sense of, uh, you know, what might have happened, trying to piece together the public statements that were made. Um, you know, obviously a lot of companies made a number of public statements over the past week, including Fortress, as you've put on the screen, uh, kind of just talking through what happened. So we found that this was a company called Retool. They provide, uh, services to a number of firms, um, offering both cloud-based and on-premise, meaning, uh, you know, on systems they host, uh, on, you know, in their facilities, uh, services to companies, uh, building, you know, portals and things like that, uh, ways for people to access. We're still missing a couple of the finer details, the more technical details on how exactly the intruders went from, you know, phishing a Retool employee to being able to access funds, uh, managed by Fortress.

But, um, you know, it, it really kind of shows the complexity of some of the systems that we're talking about here in crypto, right? You have, uh, you know, a number of parties that are involved in this, uh, you know, in this one company trying to maintain security of crypto keys. And, uh, here, you know, something went through. But, uh, it's, you know, most of the funds did not move.

Nik, Ripple acquired Fortress Trust back on September 8th. Did the security incident expedite the acquisition process?

So to be clear, right now they've signed a letter of intent and put down a 15 million down payment, but the actual acquisition itself hasn't closed, as far as I know. Um, a Ripple spokesperson did say that it, you know, helped accelerate the talks, uh, matching some of, you know, what we heard as well while we were reporting out the story. And, uh, yeah.

So, uh, so if Fortress used the wallets provided, provided by Fireblocks and BitGo, uh, those guys weren't breached. So how did they react?

Yeah. No, we've seen public statements from, you know, both Fireblocks and, uh, BitGo CEO Mike Belshe. Uh, you know, as you say, noting that they were, you know, funds that they were using or that were built on their technology were not accessed. Um, again, this seems to be kind of, you know, it's hard to say, like, if any single party was responsible for this. It kind of seems like what happened was that, you know, you had a technology stack that was built upon by Fortress, and then somewhere in that there might have been some kind of communication, er, uh, you know, as far as how the different technology stacks talk to each other, and that might have just created a window that would allow for, um, you know, uh, an attacker to go in and siphon away some funds.

All right, Nik, thanks so much for joining us this morning and unpacking the complications that go on in this industry. Thanks for being here. We will see you tomorrow.

Sounds good.

All right. That was CoinDesk global policy and regulation managing editor Nik De. Don't forget to sign up for the State of Crypto newsletter on coindesk.com.
