- Fortress Trust suffered a $15 million hack just before the announcement of its takeover by Ripple
- The breach affected four customers, whose losses were repaid, with Ripple taking this into account when pricing the deal
- Ripple wants to use Fortress Trust’s Nevada license to expand its offering
Crypto custodian Fortress Trust has revealed that it lost between $12 and $15 million prior to its imminent acquisition by Ripple. CEO Scott Purcell told Forbes that the hack saw primarily bitcoin but also USDC and USDT stolen, a loss that the company covered and that was factored into the fee that Ripple paid for it. The breach is said to have been caused by preconfigured third-party cloud tools and will have no lasting impact.
Four Customers Affected
Ripple announced last week that it planned to buy Fortress Trust, making use of the company’s Nevada license to allow it to expand beyond its core offering of blockchain-enabled payments. The security breach, initially attributed to a third-party vendor’s compromised cloud tools, affected four of Fortress’s 225,000 customers but was swiftly addressed, and their accounts were fully restored.
Ripple’s acquisition of Fortress Trust was announced shortly after the security incident, with Ripple’s CEO, Brad Garlinghouse, expressing confidence in Fortress’s business and customer base.
Fortress Initially Denied Loss of Funds
Purcell declined to reveal the identities of the affected customers or the compromised third-party vendor responsible for the breach, noting that the situation involved law enforcement agencies, regulators, and cybersecurity experts.
He reiterated that the security breach was not the fault of Fortress Trust or its custody partners, Fireblocks and BitGo, both of which emphasized that the breach occurred on a third-party service with preconfigured automated authorization and was unrelated to their platforms.
Fortress Trust’s admission of the security incident follows an earlier report that Ripple reimbursed affected customers as part of its acquisition, although initially the custodian had claimed there was no loss of funds. Ripple declined to comment on the extent of the breach but noted that the funds used to cover customer losses were factored into the acquisition deal.