New Google cloud sync feature implicated in $15M crypto heist at Ripple-owned Fortress Trust

By cyptouser | 10 months ago | Cryptocurrencies News

Software development company Retool has blamed the hack of crypto custodian Fortress Trust on a recently introduced Google Account cloud synchronization feature, Hacker News reported on Sept. 18.

Retool, which provides cloud services for several customers, including Fortress Trust, disclosed that all the accounts of its 27 cloud customers were compromised. The breach led to Fortress Trust losing $15 million.

The hack process

Retool’s head of engineering, Snir Kodesh, said the new Google update changed its multifactor authentication standard to single-factor authentication without the administrators being aware.

This allowed the breach, which started as an SMS social engineering attack targeting the company’s employees, to be successful. The bad actor had sent malicious links to employees while pretending to be a member of the IT team.

The message accompanying the link said it was to resolve a payroll issue, and one of the employees unknowingly entered their credentials on the fake landing page. The hackers then called the employee using a deepfake voice to obtain a multifactor authentication code.

The hackers could then add their own device to the employee’s account and produce multifactor authentication codes themselves. This meant they could have an active Google Workspace session on that device.

The hackers gained access to the internal admin system from their devices by activating Google Authenticator cloud sync. They immediately took control of customers’ accounts, changing their email and password.
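
Why synced authenticator codes stop being an independent factor, as an added example (not code from Retool, Google, or this article): a TOTP code depends only on the enrolled seed and the clock, so any device that receives a copy of the seed produces the same code. It assumes the codes are standard RFC 6238 TOTP; the `Authenticator` class, the device and service names, and the seed are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the seed and the time."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Authenticator:
    """Hypothetical model of an authenticator app on one device."""

    def __init__(self, name):
        self.name = name
        self.seeds = {}                          # service -> base32 seed

    def enroll(self, service, seed_b32):
        self.seeds[service] = seed_b32

    def restore_from(self, cloud_backup):
        # Models cloud sync: every seed stored under the account is copied.
        self.seeds.update(cloud_backup)

    def code(self, service, unix_time):
        return totp(self.seeds[service], unix_time)


# Constructed seed: the RFC 6238 test secret "12345678901234567890" in base32.
SEED = base64.b32encode(b"12345678901234567890").decode()


def demo(now=59):
    enrolled = Authenticator("employee-phone")
    enrolled.enroll("internal-admin", SEED)
    cloud_backup = dict(enrolled.seeds)          # seeds synced to the account
    other = Authenticator("newly-added-device")
    other.restore_from(cloud_backup)             # needs only an account session
    return enrolled.code("internal-admin", now), other.code("internal-admin", now)


if __name__ == "__main__":
    print(demo())
```

Both devices return the same code at the same timestamp, which is why control of the account holding the synced seeds is enough to satisfy the second factor.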

Retool did not disclose how the attack affected its other customers. However, the sophistication of the process suggests that the hackers are experts who might even have insider access to tailor their phishing campaigns to targets.

Following the Aug. 27 incident, Ripple acquired Fortress Trust, reimbursing the affected customer’s funds. Meanwhile, this incident underscores the increasing sophistication of social engineering scammers and hackers now focusing on crypto firms.
