In a shocking turn of events, the renowned Chinese crypto blogger and journalist Colin Wu has revealed intricate details surrounding a recent crypto hack that has sent shockwaves through the digital currency industry. This audacious cyber attack targeted Fortress Trust, a prominent crypto custodian recently acquired by the blockchain giant Ripple.
The breach, unveiled through an investigation by software development firm Retool and reported by The Hacker News, exposed a significant vulnerability in Fortress Trust’s security infrastructure. According to Colin Wu, the Achilles’ heel exploited by the hackers was linked to the additional security layer provided by a major authentication app.
Retool’s findings indicate that cybercriminals managed to infiltrate a staggering 27 accounts within the Fortress Trust crypto custody company. Their success hinged on a meticulously orchestrated SMS-based social engineering attack.
Crypto Security Alert: Novel Attack Exposed in Google Sync
Fortress Trust confessed that the hackers leveraged a Google account cloud synchronization feature introduced earlier in the year. This San Francisco-based company, now under Ripple’s ownership, described this feature as a “dark pattern” that exacerbated the breach. Snir Kodesh, the head of engineering at Retool, referred to this form of synchronization as a “novel attack vector.”
Kodesh explained that the multi-factor authentication, once considered a robust defense, had been reduced to a single factor due to a critical update by the internet search giant in April. The attack unfolded on August 27, coinciding with Fortress Trust’s migration of logins to Okta.
The hackers cunningly posed as Fortress Trust IT team members, launching their SMS-phishing campaign. They lured unsuspecting recipients into following a seemingly legitimate link to resolve a payroll-related issue.
One unfortunate staff member took the bait, landing on a counterfeit webpage where they unwittingly divulged their login credentials. The hackers then took their deception to the next level by impersonating an IT team member, utilizing deep fake technology to alter their voice. They coerced the employee into revealing the multi-factor authentication (MFA) code.
Armed with this pivotal code, the hackers enrolled their own device in the victim’s Okta account, enabling them to generate MFA codes themselves from then on. This cunning maneuver granted them unfettered access to all 27 compromised accounts.
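As an added defender-side example (not from the article, Retool or Fortress Trust), here is a detection check for the enrollment step described above: an MFA factor activated shortly after a login from an address the user has never authenticated from. The event type names follow Okta System Log conventions, but the records and the baseline of known addresses are constructed here and the field layout is an assumption.

```python
"""Flag MFA factor enrollments that closely follow a login from an unfamiliar IP.
All events and baselines below are constructed samples, not real Okta records."""
from datetime import datetime, timedelta

# Constructed sample events (field names modelled on Okta System Log; assumption)
EVENTS = [
    {"published": "2023-08-27T14:02:10Z", "eventType": "user.session.start",
     "actor": "alice", "clientIp": "203.0.113.7", "outcome": "SUCCESS"},
    {"published": "2023-08-27T14:05:41Z", "eventType": "user.mfa.factor.activate",
     "actor": "alice", "clientIp": "203.0.113.7", "outcome": "SUCCESS"},
    {"published": "2023-08-27T09:00:00Z", "eventType": "user.session.start",
     "actor": "bob", "clientIp": "198.51.100.2", "outcome": "SUCCESS"},
    {"published": "2023-08-27T16:30:00Z", "eventType": "user.mfa.factor.activate",
     "actor": "bob", "clientIp": "198.51.100.2", "outcome": "SUCCESS"},
]
# Constructed baseline: addresses each user has previously logged in from
KNOWN_IPS = {"alice": {"192.0.2.10"}, "bob": {"198.51.100.2"}}

WINDOW = timedelta(minutes=30)  # how soon after the login an enrollment is suspicious


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def suspicious_enrollments(events, known_ips, window=WINDOW):
    """Return (user, ip, enrollment_time) for every factor activation that occurs
    within `window` of a successful login from an IP outside the user's baseline."""
    by_user = {}
    for e in sorted(events, key=lambda e: parse_ts(e["published"])):
        by_user.setdefault(e["actor"], []).append(e)
    hits = []
    for user, evs in by_user.items():
        new_ip_logins = []  # (time, ip) of logins from unfamiliar addresses
        for e in evs:
            t = parse_ts(e["published"])
            if e["eventType"] == "user.session.start" and e["outcome"] == "SUCCESS":
                if e["clientIp"] not in known_ips.get(user, set()):
                    new_ip_logins.append((t, e["clientIp"]))
            elif e["eventType"] == "user.mfa.factor.activate":
                for login_time, ip in new_ip_logins:
                    if timedelta(0) <= t - login_time <= window:
                        hits.append((user, ip, e["published"]))
                        break
    return hits


if __name__ == "__main__":
    for user, ip, when in suspicious_enrollments(EVENTS, KNOWN_IPS):
        print(f"ALERT: {user} enrolled a new factor at {when} after login from {ip}")
```

Bob's enrollment is not flagged because his login came from a baseline address; Alice's matches the pattern of a credential-phished login followed by attacker device enrollment.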
In a final blow, the perpetrators altered the email addresses and passwords associated with these accounts, resulting in a staggering loss of $15 million worth of cryptocurrency assets. The methodology employed in this attack resembles the tactics used by a notorious hacker known as Scattered Spider, or UNC3944, renowned for their expertise in phishing attacks.