Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
On September 7, crypto trust company Fortress said on twitter that its customers were affected by a "compromised third-party provider of cloud tools," but that there was no loss of funds. On September 13, Fortress Trust founder and CEO Scott Purcell said that the company lost $12 million to $15 million in cryptocurrencies in a recent hack, most of which was Bitcoin but two stablecoins. A small amount of USDC and USDT were also stolen, and the company immediately made up for the loss. "Of the 225,000 customers, only 4 customers were actually affected." Purcell repeatedly emphasized that the fault of the security breach lies with the third-party provider, not the Fortress Trust or the company's hosting partners Fireblocks or BitGo. The vendor has been identified as Retool, and Retool admitted that it was the victim of a phishing attack. Attack method (per SlowMist): Third-party Vulnerability. Reported loss: $ 15,000,000.
- chain
- bitcoin
- protocol
- Fortress
- bug_class
- phishing
- date_occurred
- 2023-09-07
- loss_usd
- $15,000,000
- source_id
- sm:fortress::2023-09-07