Fortress Trust, a leading custodian in the crypto world, has found itself embroiled in a scandal involving a crypto heist that saw up to $15 million vanish from customer accounts.
The disclosure comes at a delicate time, as Fortress was in the final stages of being acquired by Ripple, a major player in the crypto payments sector.
While Ripple has acted quickly to cover customer losses, the incident, according to a Fortune report, has sparked questions about the overall security of third-party vendors in the crypto industry and has potentially spoiled what could have been a smooth acquisition for Ripple.
Today, we are announcing intent to acquire Fortress Trust, part of the @Fortress_io suite of companies. Fortress Trust’s financial and regulatory infrastructure complements and expands Ripple’s comprehensive portfolio of blockchain solutions for finance. https://t.co/LIl3cPEur2
— Ripple (@Ripple) September 8, 2023
Ripple steps in to cover losses
According to reports, the breach impacted only four out of Fortress Trust’s 225,000 customers, but the financial implications were severe. Within days, Ripple, the firm in talks to acquire Fortress, stepped in to reimburse the affected customers. While this quick action may have saved face for Fortress and kept customer trust intact, it also reveals Ripple’s high stakes in this acquisition deal.
A Ripple spokesperson noted that the reimbursement was “baked into the deal” but declined to further elaborate on the extent of the breach. Although the financial details were not fully disclosed, the move to cover losses did accelerate the pace of acquisition talks.
The blame game begins
According to Fortune, Fortress Trust CEO Scott Purcell quickly diverted the blame for the breach onto a third-party vendor, whose compromised cloud tools led to the theft of $12 to $15 million in Bitcoin and smaller amounts in USDC and USDT.
Purcell’s statement was backed by a spokesperson for Fireblocks, one of the company’s custody partners. BitGo, another partner, strongly emphasized that the incident had nothing to do with them, indirectly taking a swipe at Fortress for not being forthcoming with their clients.
Mike Belshe, BitGo’s CEO, tweeted about the breach, breaking a non-disclosure agreement and exposing tensions that arose because BitGo had also been interested in acquiring Fortress Trust.
I can’t express enough how upsetting this Fortress Trust episode is to me. I really don’t want to talk about it at all, because it actually has nothing to do with BitGo. But because Fortress was not forthcoming about what actually did happen, we are now indirectly affected -… https://t.co/jXZYGBt93B
— Mike Belshe (@mikebelshe) September 11, 2023
This tug-of-war for acquisition further scrutinizes Fortress’s security measures and partnerships.
Ripple’s due diligence under scrutiny
Despite Ripple’s swift action, some in the crypto industry have questioned the wisdom of the acquisition. Parrot Capital publicly expressed doubts about Ripple’s due diligence, especially considering that Scott Purcell was the former CEO of Prime Trust, another crypto custodian that folded amid allegations of customer fund misuse.
Moreover, speculation has surged in the XRP community that Ripple may have sold many of its XRP holdings to finance the Fortress acquisition, exerting downward pressure on XRP’s market value.
I wouldn’t want to think that Ripple sold a lot of XRP to fund this acquisition and bailing out of Fortress customers putting downward price pressure on XRP. But that couldn’t be the cause of the price fall today as the whole crypto market fell. https://t.co/siWkXpXL5M
— bill morgan (@Belisarius2020) September 11, 2023
Ripple’s buying spree: A risky gamble?
Ripple’s potential acquisition of Fortress Trust is not an isolated case; the company has been on a buying spree this year. With its earlier acquisitions of Metaco and a stake in Bitstamp, Ripple has been assertive in expanding its crypto infrastructure. Yet, the latest security incident at Fortress raises concerns about whether Ripple is potentially biting off more than it can chew.
As Ripple plans to invest in Fortress Blockchain Technologies, pending regulatory and due diligence approvals, uncertainty over the acquisition remains. The incident has revealed the need for fortified cybersecurity measures, especially when dealing with third-party vendors in the ever-volatile crypto market. This breach may have only affected a fraction of Fortress’s customer base, but its ramifications are rippling across an industry where security is already a top concern.