Retool Reveals Details of Fortress Trust $15 Million Theft, Google Authenticator Cloud Sync Identified as Primary Attack Vector
On September 18, TuoniaoX.com reported that Retool disclosed details of the Fortress Trust $15 million theft case, with Google account cloud sync being the primary hacking factor. Retool Engineering Manager Snir Kodesh stated: "Google Authenticator cloud sync became the attack vector. We initially implemented multi-factor authentication, but due to a Google update, the previous multi-factor authentication quietly became single-factor authentication (from the administrator's perspective)."
On September 18, TuoniaoX.com reported that Retool disclosed details of the Fortress Trust $15 million theft case, with Google account cloud sync being the primary hacking factor. Retool Engineering Manager Snir Kodesh stated: "Google Authenticator cloud sync became the attack vector. We initially implemented multi-factor authentication, but due to a Google update, the previous multi-factor authentication quietly became single-factor authentication (from the administrator's perspective)."
Previously, Web3 chartered trust company Fortress Trust suffered a hacking incident that resulted in the theft of $12-15 million in cryptocurrency, with the root cause traced to third-party cloud service provider Retool. Retool had established portals for accessing funds for a few Fortress clients, and its clientele also includes Fortune 500 companies.