Markets News Report
September 18, 2023

Retool Blames Google Cloud Malfunction for $15M Crypto Hack Loss

In Brief

Retool recently reported a breach affecting 27 accounts, with hackers using Google Authenticator’s cloud sync to steal $15 million in crypto from Fortress Trust.

Retool Blames Google Cloud Malfunction for $15M Crypto Hack Loss

In a recent cybersecurity incident, software company Retool announced that hackers breached 27 of its customer accounts and stole approximately $15 million in cryptocurrency from Fortress Trust.

Google Authenticator’s cloud sync feature played a key role in this breach by transforming what should have been a multi-factor authentication into a single-factor vulnerability.

Retool initially designed its system for multi-factor authentication (MFA). But the latest update from Google in April 2023 altered this by silently enabling cloud sync, effectively weakening the security model, according to Snir Kodesh, Retool’s head of engineering. The breach incident occurred on August 27, 2023, around the time Retool was transitioning their login process to Okta.

Anatomy of the Retool’s Attack

The attacker first initiated an SMS phishing attack, masquerading as a member of the IT team to address a “payroll issue.” Falling into the trap, an employee unknowingly handed over their login credentials through a deceptive link. To add insult to injury, the hacker leveraged deepfake technology to mimic the voice of an IT team member, tricking the employee into sharing an additional OTP token.

This token was crucial, as it let the attacker link a new device to the employee’s Okta account, granting them active access to the company’s Google Workspace session. With cloud sync enabled on Google Authenticator, the attacker then accessed internal admin systems and took control of 27 customer accounts, leading to the enormous crypto heist from Fortress Trust.

The attack illustrates that cloud syncing of one-time passcodes can pose a security risk, counteracting the “something the user has” factor in MFA. Security experts are now advising the use of FIDO2-compliant hardware security keys to counter such phishing attacks.

Who Could Be Behind the Attack?

Although the exact identity remains undisclosed, the attack strategy resembles that of a group known as Scattered Spider or UNC3944, notorious for their sophisticated phishing campaigns. A recent advisory from the U.S. government has also highlighted the rising use of deepfakes in cyber-attacks, adding another layer of concern in an already complex security landscape.

In light of these events, businesses and individual users alike may need to reassess their reliance on cloud-based MFA solutions. As the Retool incident has shown, even seemingly secure systems can have vulnerabilities that skilled hackers are more than willing to exploit.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles
Nik Asti
Nik Asti

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

Hot Stories

Top Investment Projects of the Week 25-29.03

by Viktoriia Palchik
March 29, 2024
Join Our Newsletter.
Latest News

Custom HTML

by Valentin Zamarin
August 08, 2024

Top Investment Projects of the Week 25-29.03

by Viktoriia Palchik
March 29, 2024

Supply and Demand Zones

Cryptocurrency, like any other currency, is a financial instrument based on the fundamental economic principles of supply ...

Know More

Top 10 Crypto Wallets in 2024

With the current fast-growing crypto market, the significance of reliable and secure wallet solutions cannot be emphasized ...

Know More
Read More
Read more
Custom HTML
News Report
Custom HTML
August 8, 2024
Modular Blockchain Sophon Raises $10M Funding from Paper Ventures and Maven11 Amid Veil of Mystery
Business News Report
Modular Blockchain Sophon Raises $10M Funding from Paper Ventures and Maven11 Amid Veil of Mystery
March 29, 2024
Arbitrum Foundation Announces Third Phase Of Grants Program, Opens Applications From April 15th
News Report Technology
Arbitrum Foundation Announces Third Phase Of Grants Program, Opens Applications From April 15th
March 29, 2024
Vitalik Buterin Advocates For Memecoins’ Potential In Crypto Sector, Favors ‘Good Memecoins’
News Report Technology
Vitalik Buterin Advocates For Memecoins’ Potential In Crypto Sector, Favors ‘Good Memecoins’
March 29, 2024