The irony is so thick, I don't know where to begin. Right after I published a column on Monday decrying the sorry state of crypto security, The Block reported that Ripple's latest acquisition came with an unusual twist—namely that the firm in question had been hacked. The name of the firm? Fortress. Seriously, the satire just writes itself some days.
The details are still trickling out, but it looks as though hackers robbed Fortress, a firm that promises to securely handle your crypto operations, by compromising one of its third-party vendors. This is a popular tactic with cybercriminals—instead of hacking a target directly, they target one of its business partners with weaker security and then use the partner's access to burrow into the target's operations. While this means Fortress can try to blame a third party for the incident, any firm that's serious about security knows to guard against this type of vulnerability—especially when its name is Fortress and its business includes custody, or protecting assets on behalf of its customers.
Fortress appears to have made matters worse by not coming clean about what happened or saying how much money was lost. Mike Belshe, a longtime crypto veteran who runs the custody firm BitGo that provides services to Fortress (but was not affected by the hacking incident), took to X to call out the company for lying. This is another screwup by Fortress, since being candid when a breach occurs is another thing companies that take security seriously are supposed to do.
A final maddening detail from this episode is that the guy behind Fortress, Scott Purcell, is the same guy behind Prime Trust. If you follow the industry closely, you may recall that Prime Trust raised $64 million in funding to act as a bank-like entity for crypto firms but then was shut down by Nevada regulators for losing at least $70 million worth of customer funds. Why on earth did anyone entrust a guy like this with their money?
If there's a silver lining in all of this, it's that for once the customers are not among those hurt by a crypto firm's careless security. That's thanks to Ripple, which was in negotiations to buy Fortress when the hack came to light, and agreed to make customers whole as part of the deal. Let's hope Ripple got a good price.
Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts