Retool Identified as Third-party Vendor in Fortress’ $15 Million Crypto Theft

Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.

San Francisco-based software company Retool has been identified as the third-party platform through which $15 million in Fortress Trust funds were stolen.

Theft Fast-Tracks Fortress’ Acquisition

In a September 7 tweet, API-focused e-payment platform for Web3 companies Fortress announced that four of its customers’ accounts with a cloud tool platform were compromised. It was later disclosed that $15 million was lost in the process.

However, Fortress Technology refused to disclose the third-party vendor involved in the reported theft. After the platform hack, Fortress immediately terminated its integration with the cloud service provider’s platform and assured other investors that their funds were safe.

Recent revelations show that it might be San Francisco-based cloud service provider Retool. According to a blog post, Retool admitted it fell prey to a spear phishing attack on August 29, 2023. About 27 customers were impacted after their accounts were accessed illegally in that incident.

Although it didn’t name Fortress Technology in the post, Retool was tasked with creating a portal. This will enable the designated account of four Fortress customers to directly view their account balance using the cloud services platform.

This attack has served as a catalyst for Fortress to sell its business to the cross-border blockchain protocol, Ripple. The blockchain protocol reportedly paid the stolen $15 million as a down payment to make the affected customers whole.

This sum is expected to be removed once the final acquisition is concluded. For now, no particular price peg has been placed on the Nevada-based trust company.

Speaking on the latest development, Ripple blockchain’s spokesperson noted talks about the acquisition quickly accelerated after reports of the incident were confirmed.

Ripple, who was already a minority holder in Fortress Technology, said the acquisition made sense for its strategic initiative of expanding crypto access across the globe.

On-Premise Accounts Were Secured

The crypto space has been the subject of several cyber attacks over the past two years. For instance, the Ronin network, a side-chain for the Axie Infinity non-fungible token (NFT) game, lost a reported $600 million. Several other attacks have been recorded, with crypto investors losing millions.

Retool noted that the impacted accounts were those of clients in the crypto space. This points to the lackluster security protocols most crypto-focused services often face.

However, the cloud services provider clarified that all accounts using its on-premise software remained unaffected. Retool’s on-premise accounts operate within a zero-trust framework, meaning its cloud tools cannot access the software. This is because it is stored using a multi-signatory wallet and is solely a self-contained environment.

Meanwhile, BitGo and Fireblocks were the custodial wallets Fortress Technology used in integrating with the Retool platform. However, both platforms were not impacted by the security breach.

Clearing the air on the event, BitGo CEO Mike Sheele stated unequivocally that the breach had nothing to do with the crypto wallet provider in a tweet.

Meanwhile, brokerage firm Swan Bitcoin also testified that none of their crypto funds were stolen by hackers during the aforementioned security incident.

According to the crypto brokerage company, all crypto assets are secured with video calls and physical access, ensuring only the authorized account owner can access the accounts.

The continued focus on crypto businesses shows the ecosystem is not yet mature enough to safeguard itself. Furthermore, the lack of regulatory clarity has made it easier for hackers to make away with stolen funds if a security breach is not quickly noticed.

About Jimmy Aki PRO INVESTOR

Based in the UK, Jimmy is an economic researcher with outstanding hands-on and heads-on experience in Macroeconomic finance analysis, forecasting and planning. He has honed his skills having worked cross-continental as a finance analyst, which gives him inter-cultural experience. He currently has a strong passion for regulation and macroeconomic trends as it allows him peek under the global bonnet to see how the world works.