On September 7, Fortress Trust, a Nevada-based crypto-focused chartered trust company, admitted to a security incident involving an unnamed third-party vendor. While initially denying any loss of funds, it was later disclosed by other parties that Fortress had lost approximately $15 million in crypto assets.
“Last week, 4 Fortress customers were impacted by a third-party vendor whose cloud tools were compromised. Thankfully there is no breach within Fortress Technology or systems, impacted accounts were fully restored, and most importantly, of course, there is no loss of funds,” Fortress said on social media.
CoinDesk has identified the unnamed third-party vendor to be Retool, which acknowledged that it had fallen victim to a phishing attack on August 27. Retool is a San Francisco-based company with Fortune 500 customers, which built the portal for a handful of Fortress clients to access their funds.
Many have criticized Fortress’ handling of the situation, which leaves clients wondering about the safety of their accounts. The incident has been the talk of Crypto Twitter this week, with several prominent companies in partnership with Fortress being caught up in the affair.
Mike Belshe, CEO of BitGo, one of the wallet infrastructure providers of Fortress Trust, denied any involvement in the breach and claimed Fortress had denied requests to disclose the details of the incident.
“After the breach, Fortress reached out to BitGo. BitGo strongly advised Fortress to disclose what happened immediately. Fortress did not do that,” Belshe said on Twitter. “When Fortress lost funds, they chose to omit facts about what happened, downplay the event, and conclude, “most importantly, no funds were lost.” Obviously we now know this was not true.”
In a recent statement provided to crypto news outlet Protos, Fortress founder Scott Purcell clarified that “no loss of funds” referred to their joint efforts with Ripple to cover customers’ losses.
He also reacted to Belshe’s tweets, saying, “As you’ve seen from his sour-grapes tweets, Mike Belshe has chosen to violate our NDA to whine about me not selling the trust company to him, lighting up Twitter with flat-out lies and with half-truths, which he knows extremely well given that he was looped in on the incident the very first day and was part of the comm’s planning.”
The phishing attack played a role in Fortress’ acquisition by Ripple. The blockchain firm, which was already a minority investor in Fortress, announced it had signed a letter of intent to acquire Fortress on Friday. The purchase price was less than the $250 million it paid for custody firm Metaco back in May.
The companies were already in takeover talks when the theft occurred, but the incident accelerated them, a spokesperson for Ripple told CoinDesk in a statement on Monday.
“Conversations accelerated last week following the security incident via a third-party analytics vendor, but this opportunity makes sense for Ripple in the long term,” the spokesperson explained.
The spokesperson added that Ripple was the one who stepped in to cover the losses that resulted from the incident.
“Luckily, Ripple was in a position to act quickly to step in and make customers whole, and there have been no breaches to Fortress technology or systems,” the spokesperson said.
By acquiring Fortress, Ripple adds Nevada to their list of regulatory licenses. Ripple already owns a New York BitLicense and money transmitter licenses in 30 other U.S. states. Ripple president Monica Long described the acquisition as supporting Ripple’s aim of “becoming the one-stop shop for enterprises looking to convert, store and move value on blockchain.”
Players must be 21 years of age or older or reach the minimum age for gambling in their respective state and located in jurisdictions where online gambling is legal. Please play responsibly. Bet with your head, not over it. If you or someone you know has a gambling problem, and wants help, call or visit: (a) the Council on Compulsive Gambling of New Jersey at 1-800-Gambler or www.800gambler.org; or (b) Gamblers Anonymous at 855-2-CALL-GA or www.gamblersanonymous.org.
Trading financial products carries a high risk to your capital, especially trading leverage products such as CFDs. CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. Between 74-89% of retail investor accounts lose money when trading CFDs. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.
This site is using Cloudflare and adheres to the Google Safe Browsing Program. We adapted Google's Privacy Guidelines to keep your data safe at all times.
Crypto Gambling is not available at your location.
For US visitors, we recommend playing at Stake.us Social Casino instead.