{"id":59523,"date":"2023-09-18T07:50:48","date_gmt":"2023-09-18T11:50:48","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=59523"},"modified":"2023-09-18T07:54:05","modified_gmt":"2023-09-18T11:54:05","slug":"what-caused-ripples-15m-crypto-hack-at-fortress-trust","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/what-caused-ripples-15m-crypto-hack-at-fortress-trust\/","title":{"rendered":"What Caused Ripple&#8217;s $15M Crypto Hack at Fortress Trust?"},"content":{"rendered":"\n<p>Fortress Trust had $15 million stolen from it as a consequence of the <a href=\"https:\/\/coinscreed.com\/staging\/how-to-secure-your-crypto-portfolio-and-safekeep-your-assets.html\" target=\"_blank\" rel=\"noreferrer noopener\">Google Authenticator<\/a> breach, which was disclosed by Retool recently.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-1024x576.jpg\" alt=\"\" class=\"wp-image-59532\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-1024x576.jpg 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-300x169.jpg 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-768x432.jpg 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-18x10.jpg 18w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-750x422.jpg 750w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1-1140x641.jpg 1140w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1.jpg 1245w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">What Caused Ripple's $15M Crypto Hack at Fortress Trust?<\/figcaption><\/figure>\n\n\n\n<p>Retool has disclosed vital details regarding a recent malware incident that compromised 27 
cryptocurrency accounts. In this incident, a staggering $15 million worth of cryptocurrency was stolen from Fortress Trust after an attacker exploited the Google Authenticator cloud sync function to obtain control. The hacker accessed all data contained within Google Authenticator after seizing control of the victim's Google account.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-security-breach\">The Security Breach<\/h2>\n\n\n\n<p><a href=\"https:\/\/retool.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Retool,<\/a> a software development company, disclosed a recent security breach that affected 27 of its cloud customers. The intrusion, which resulted from a targeted SMS-based social engineering attack, has caused significant concern within the cybersecurity community.<\/p>\n\n\n\n<p>San Francisco-based Retool identified an April 2023 Google Account cloud synchronization feature as a &#8220;dark pattern&#8221; that aggravated the situation. According to Snir Kodesh, director of engineering at Retool, the synchronization of Google Authenticator with the cloud has emerged as a novel and unanticipated attack vector.<\/p>\n\n\n\n<p>This development caught them by surprise, as they had initially implemented multi-factor authentication, which, unbeknownst to administrators, had silently reverted to single-factor authentication as a result of a Google update.<\/p>\n\n\n\n<p>This alarming incident occurred on August 27, 2023. While it did not result in unauthorized access to on-premises or managed accounts, it did occur concurrently with Retool's log-in migration to 
<a href=\"https:\/\/www.okta.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Okta,<\/a> a crucial element of the narrative.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">A Closer Examination of the Retool Cyber Attack<\/h3>\n\n\n\n<p>The cyberattack began with a targeted SMS fraud attack against Retool's employees. Threat actors cunningly posed as IT team members, instructing recipients to click a seemingly legitimate link to resolve a fictitious payroll-related issue. 
One unfortunate employee fell victim to this phishing scheme, arriving on a deceptive page that tricked them into divulging their login credentials.<\/p>\n\n\n\n<p>According to a recent statement, the situation deteriorated after the employee activated the cloud sync feature of Google Authenticator. This provided the threat actors with elevated access to Retool's internal administrative systems, compromising 27 cryptocurrency industry customer accounts.<\/p>\n\n\n\n<p>In a devastating blow, one of these clients, Fortress Trust, which was recently acquired by Ripple, lost a staggering amount of cryptocurrency, nearly $15 million.<\/p>\n\n\n\n<p>This sophisticated attack demonstrates the vulnerability of syncing one-time codes to the cloud, underscoring the need for FIDO2-compliant hardware security keys to thwart phishing attempts.<\/p>\n\n\n\n<p>Although the hackers' identities remain unknown, their tactics are strikingly similar to those of Scattered Spider (aka UNC3944), a financially motivated threat actor notorious for its sophisticated phishing campaigns.<\/p>\n\n\n\n<p>In addition, deepfake technology and synthetic media have raised alarms at the U.S. government level, with warnings of their potential exploitation in various malicious activities, such as business email compromise (BEC) attacks and cryptocurrency scams.<\/p>\n\n\n\n<p>This incident serves as a stark reminder of the evolving and ubiquitous nature of <a href=\"https:\/\/coinscreed.com\/staging\/cybersecurity-firm-kaspersky-ranks-cryptojackers-among-top-malware-threats-in-africa.html\" target=\"_blank\" rel=\"noreferrer noopener\">cyber threats<\/a> in the digital landscape of the present day.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortress Trust had $15 million stolen from it as a consequence of the Google Authenticator breach, which was disclosed by Retool recently. Retool has disclosed vital details regarding a recent malware incident that compromised 27 cryptocurrency accounts. 
In this incident, a staggering $15 million worth of cryptocurrency was stolen from Fortress Trust after an attacker [&hellip;]<\/p>\n","protected":false},"author":53,"featured_media":59532,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[16461,16459,5817,16460],"class_list":["post-59523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-crypto-scam-3","tag-forest-trust","tag-hack-2","tag-retool"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/09\/jul-1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/59523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=59523"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/59523\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/59532"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=59523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=59523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=59523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}