The irony is so thick, I don’t know where to begin. Right after I published a column on Monday decrying the sorry state of crypto security, The Block reported that Ripple’s latest acquisition came with an unusual twist—namely that the firm in question had been hacked. The name of the firm? Fortress. Seriously, the satire just writes itself some days.
The details are still trickling out, but it looks as though hackers robbed Fortress, a firm that promises to securely handle your crypto operations, by compromising one of its third-party vendors. This is a popular tactic with cybercriminals—instead of hacking a target directly, they target one of its business partners with weaker security and then use the partner’s access to burrow into the target’s operations. While this means Fortress can try to blame a third party for the incident, any firm that’s serious about security knows to guard against this type of vulnernability—especially when its name is Fortress and its business includes custody, or protecting assets on behalf of its customers.
Fortress appears to have made matters worse by not coming clean about what happened or saying how much money was lost. Mike Belshe, a longtime crypto veteran who runs the custody firm BitGo, which provides services to Fortress (but was not affected by the hacking incident), took to X to call out the company for lying. This is another screwup by Fortress since being candid about when a breach occurs is another thing companies that take security seriously are supposed to do.
A final maddening detail from this episode is that the guy behind Fortress, Scott Purcell, is the same guy behind Prime Trust. If you follow the industry closely, you may recall that Prime Trust raised $64 million in funding to act as a bank-like entity for crypto firms but then was shut down by Nevada regulators for losing at least $70 million worth of customer funds. Why on earth did anyone entrust a guy like this with their money?
If there’s a silver lining in all of this, it’s that for once the customers are not among those hurt by a crypto firm’s careless security. That’s thanks to Ripple, which was in negotiations to buy Fortress when the hack came to light, and agreed to make customers whole as part of the deal. Let’s hope Ripple got a good price.
Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
DECENTRALIZED NEWS
Crypto use has slumped in high-income and low-income countries since the FTX debacle, but has more than recovered in middle-income ones—especially in Asia—according to a new Chainalysis report. (Fortune)
Bitcoin briefly dipped below $25,000 as crypto prices fell on reports the FTX estate is poised to offload large tranches of the bankrupt company’s tokens. (CoinDesk)
The FTX estate reached out to at least 75 potential bidders as part of a plan to relaunch the failed exchange. (Fortune)
SEC Chair Gary Gensler is appearing before the Senate Banking Committee on Tuesday morning to repeat his usual rants about crypto. (CoinDesk)
In the latest setback to its plans to expand in India, Coinbase is disabling accounts of some users in response to the Indian government’s hostility to crypto. (Bloomberg)
MEME O’ THE MOMENT
This is the web version of Fortune Crypto, a daily newsletter. Sign up here to get it delivered free to your inbox.
