Crypto Theft from Fortress Trust Traced Back to Phishing Attack on Cloud Vendor

Recently, a crypto theft loss of more than $1 million was traced back to a phishing attack on an unnamed cloud vendor that targeted Fortress Trust, a digital asset storage firm.

The breach happened on October, 2020 when hackers gained access to a cloud storage account and downloaded a copy of the master seed, the key used to generate keys for customer wallets, allowing them to access and transfer the funds.

An investigation by Fortress Trust revealed that the attackers were able to ‘piggyback’ on an existing account at the cloud vendor that had shared access with Fortress Trust and used it to gain access to retrieve the master seed.

The funds were immediately frozen and the investigation is ongoing. Fortress Trust has since taken steps to enhance security protocols and to better protect the security of its customers’ funds.

This incident serves as a reminder of how important it is for companies to practice good security hygiene including regularly monitoring privileged access and shared access accounts. It’s also essential to use strong authentication methods and prioritize access control management to reduce the risk of similar breaches.