Retool reveals details of the $15 million theft from Fortress Trust, with Google Authenticator's cloud sync feature as the attack vector

2023-09-18 15:58:59

ChainCatcher news: software company Retool has published details of an incident in which 27 cryptocurrency customer accounts were hacked, including the cause of the $15 million cryptocurrency theft from Fortress Trust. The report shows that the Google Authenticator cloud sync feature was the culprit in this attack, turning multi-factor authentication into single-factor authentication. Once the attacker controlled the Okta account, they also controlled the Google account, thereby gaining access to all OTPs stored in Google Authenticator.

Previously, Fortress Trust CEO Scott Purcell disclosed that the company lost between $12 million and $15 million in cryptocurrency during an attack on a third-party cloud tool provider. According to sources, the provider was Retool, which also admitted to being a victim of a phishing attack.
