Info@NationalCyberSecurity
Info@NationalCyberSecurity

Ripple bails out Fortress Trust after hackers steal customer assets | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


UPDATE: Fortress CEO Scott Purcell has since confirmed that the company lost $12-15 million via the hack, most of which was in BTC.

The founder of bankrupt digital asset custodian Prime Trust can’t seem to dodge controversy following news that Ripple was forced to bail out his latest venture.

Last Friday, September 8, the ‘crypto solutions’ entity known as Ripple announced that it had agreed to acquire Fortress Trust, the Nevada-based blockchain infrastructure/custodial company founded in 2021 by Scott Purcell, who also founded Prime Trust. Terms of the deal weren’t disclosed. In 2022, Ripple invested in Fortress Trust’s parent company, Fortress Blockchain Technologies.

Ripple CEO Brad Garlinghouse declared that Purcell and his team had “built an impressive business with recurring revenue and a strong roster of both crypto-native and new-to-crypto customers.” Purcell added that Ripple’s acquisition was “a testament to the team and business that we’ve built in a short period of time.”

But on September 11, the world learned that Ripple’s acquisition was actually a bailout. The day before the acquisition announcement, Fortress had disclosed that four of its clients had been “impacted by a third-party vendor whose cloud tools were compromised.” The announcement reassured customers that there’d been “no breach within Fortress Technology or systems” and “no loss of funds.”

As subsequently revealed by The Block, the only reason no funds were ‘lost’ was because Ripple had assumed responsibility for the losses of impacted Fortress clients. A Ripple spokesperson said the company “was in a position to act quickly to step in and make customers whole,” adding that acquisition talks were already underway but had “accelerated” following the breach.

Neither party has revealed the value of the stolen digital assets nor why Fortress’s original announcement strongly implied that no customer funds had been pilfered. But Mike Belshe, CEO of custodian BitGo—who custodied some of Fortress’s digital assets—issued a lengthy response on X excoriating Fortress for this obvious effort to downplay a serious incident that might have proved disastrous had Ripple not intervened.

‘Crypto’s’ cowardly lions

In June, BitGo briefly played the role of white knight after Nevada financial regulators ordered Prime Trust to halt all operations, citing evidence that it had failed to “safeguard assets under its custody.” But BitGo walked away from its proposed Prime Trust acquisition, with Belshe declaring that a closer inspection of the books revealed that the firm was beyond salvation. Prime Trust was then forced into receivership after regulators reported the firm had only 3% of its customers’ cash on hand.

Belshe said Monday that he couldn’t “express enough how upsetting this Fortress Trust episode is to me.” While stressing that the incident “has nothing to do with BitGo,” Belshe said, “Because Fortress was not forthcoming about what actually did happen, we are now indirectly affected.” Without a definitive statement from Fortress, Belshe offered his own summary of events.

The hackers managed to “drain funds from Fortress’s hot wallet system,” which Belshe said was under the control of Fireblocks—the U.S.-based custodian who formerly stored Prime Trust’s customer assets. Belshe insisted that none of the Fortress assets under BitGo’s custody were impacted.

After being informed of the incident, Belshe said BitGo “strongly advised Fortress to disclose what happened immediately. Fortress did not do that.” Clarifying that Ripple wasn’t at fault here, Belshe said Fortress’s clients “deserved enough respect to get the whole truth,” but Fortress “didn’t have the courage to tell the truth.”

Belshe said the debacle showed the need for “decentralization,” which he claimed would alleviate the need to depend on “the honesty of custodians, bankers or ‘trusted third parties’ acting with integrity when bad things happen.” Belshe said BitGo would “continue to fight to eliminate humans from the mix, to ensure that our financial system is not dependent on any one person’s integrity.”

Chasing your losses

Belshe’s focus on the integrity—or lack thereof—of ‘one person’ seems aimed squarely in Purcell’s direction. Purcell has come under increased scrutiny following the implosion of Prime Trust, which resulted from a combination of human error and naked self-interest.

When Prime Trust was forced into receivership in June, it owed its customers $85.7 million in cash but had less than $3 million on hand. Prime Trust was only $861,000 short of the $69.5 million in digital assets it owed customers, but a mid-August bankruptcy filing showed the bulk of these were illiquid shitcoins, with a distinct paucity of major tokens like BTC and ETH.

Prime Trust’s interim CEO Jor Law later filed a declaration with the U.S. Bankruptcy Court of Delaware that revealed how the company got itself in such dire straits. Among the more jarring revelations was that Prime Trust lost $6 million of its customers’ funds and another $2 million in company funds investing in TerraUSD, the ‘algorithmic stablecoin’ launched by Terraform Labs, whose spring 2022 collapse ushered in the ongoing ‘crypto winter.’

Before that, Prime Trust suffered what the filing called ‘The Wallet Event.’ In a nutshell, Prime Trust set up a series of multi-sig wallets (the ‘Legacy Wallets’) in March 2018 to store customer assets. In July 2019, Prime Trust began migrating its customer assets to Fireblocks, a task it thought it had completed by Q1 2020.

Prime Trust subsequently “sought to deprecate the Legacy Wallets such that customers should no longer make contributions of cryptocurrency into the Legacy Wallets.” At the same time, Prime Trust destroyed its copies of the seed phrase needed to access these wallets, which had been engraved on steel plates. (It seems a good place to point out that digital asset recovery could have nipped this problem in the bud, but we digress.)

As (bad) luck would have it, in January 2021, Prime Trust was still directing customers to make deposits to one of these Legacy Wallets (the ’98f Wallet’). Interim CEO Law claims it wasn’t until December 2021 that “certain company employees” realized the cock-up. That’s when a whale customer requested a withdrawal of ETH tokens greater than Prime Trust had in its Fireblocks wallets, and the true scale of the gaffe became all too apparent.

But instead of admitting its ineptitude, Prime Trust used customer cash to purchase enough ETH to meet its withdrawal requests. Between December 2021 and March 2022, Prime Trust spent nearly $76.4 million of its customers’ cash, keeping up appearances in this fashion. Only in August 2022, when the ruse became unsustainable, did senior execs report the truth to their board of directors.

Keep on movin’

When Prime Trust’s woes became public this summer, Purcell posted on LinkedIn that he’d left the company in January 2021. However, the declaration by interim CEO Law states that Purcell served as Prime Trust’s CEO from its founding in 2016 until August 2021, when he stepped down to launch Fortress a few months later.

The confusion may arise from the fact that, after handing the CEO reins to Tom Pageler, Purcell became CEO of Prime Core Technologies, Prime Trust’s holding company. (Interestingly, neither Prime entity appears anywhere on the ‘experience’ section of Purcell’s LinkedIn.)

At the time, Purcell claimed that Pageler would be free to “run and build the business” while Purcell would “focus on strategic initiatives and vision.” It’s unclear how much strategy and vision Purcell imposed on Prime Trust’s operations after Pageler took over, but Pageler himself was turfed in November 2022 for still unexplained reasons, leading Law to assume the CEO position.

At any rate, just prior to Purcell’s exit (according to Law’s timeline), Prime Trust wrapped up a $64 million Series A funding round. A $108.2 million Series B followed the following year. (Both rounds featured participation from the Kraken exchange’s venture capital arm.) Despite this significant cash injection, Prime Trust could not make good on its losses (there are theories as to why).

Prime Trust attempted a Series C round this February in a last-ditch bid to keep from going under. Nevada regulators approved this fiscal Hail Mary on the condition that only existing shareholders be allowed to participate. Sadly, the offering failed to meet its intended target, and the rest is history.

Another Banqruptcy

In 2020, Purcell founded a crypto-friendly payment processor called Banq Inc. (also missing from Purcell’s LinkedIn). According to a lawsuit later filed by Banq’s current management, in July 2021, Purcell directed Banq to take out a $3 million loan from a Delaware-registered N9 Advisors LLC. The cash was to fund CEO Purcell’s decision to transition Banq into an NFT wallet technology-focused company.

But by December 2021, Purcell abruptly announced plans to “wind down the majority” of Banq’s operations. Four days later, Purcell resigned, along with CTO/CPO Kevin Lehtiniitty and general counsel George Geordiades.

Banq was forced to suspend its operations following the discovery that Purcell and the other departing executives had “secretly and unlawfully transferred” the bulk of Banq’s equipment, technology, intellectual property, and business opportunities—a total estimated value of $17.5 million—to help launch their new project Fortress. Meanwhile, N9 Advisors—a “substantial” Fortress investor, according to Banq’s lawsuit—kept hawking Banq to repay the $3 million loan. Banq filed for bankruptcy in June.

The obligatory Sam Bankman-Fried connection

Prime Trust previously served as a conduit for millions of dollars worth of political campaign contributions that Sam Bankman-Fried (SBF) made with cash belonging to customers of his now-defunct FTX exchange. In April 2022, Politico reported that Prime Trust had received and forwarded $14 million in contributions on behalf of SBF in the previous quarter. CNBC later quoted Purcell saying, “I know that FTX was a customer of Prime Trust.”

Last week, former FTX Digital Markets co-CEO Ryan Salame pleaded guilty to a charge of conspiracy to make unlawful political campaign contributions. Documents presented as part of Salame’s plea show that his roughly $24 million worth of contributions were made to “obscure” SBF’s role in the illegal donation scheme.

In July, federal prosecutors dropped charges of violating campaign finance law against SBF but only to streamline their fraud and money laundering case against the FTX founder. In August, prosecutors said they would file a separate campaign-related case against SBF at some point in the future, a trial that could see Prime Trust execs called to testify as to their role in SBF’s rule-breaking.

Sour grapes, shit happens

On Tuesday, Purcell issued a fiery response to the “sour-grapes tweets” by the BitGo CEO, saying Belshe had “chosen to violate our [non-disclosure agreement] to whine about me not selling the trust company to him, lighting up Twitter with flat-out lies and with half-truths, which he knows extremely well given that he was looped in on the incident the very first day and was part of the comm’s planning … The last thing our industry needs is more theater and FUD. For us, yes, shit happened – we, along with Ripple and along with our partners, stepped up and handled it.”

Fortress co-founder/ex-Banqer Kevin Lehtiniitty also took some public shots at Belshe, but Lehtiniitty was among the executive faces that disappeared from the Fortress website sometime after Prime Trust’s woes became public knowledge. (If you’re curious, here’s the archive.)

Given Purcell’s evident knack for finding himself in company-related drama, we’d strongly advise customers of Kasidie—the Purcell-founded “social community for open-minded adults and swingers”—to ensure their Eyes Wide Shut orgy masks are on super tight. If the past is prologue, you never know what highly personal information might end up in the public eye. Worse, you might have to hear about it from someone other than the people you thought were guarding your secrets.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of group—from BitMEX to BinanceBitcoin.comBlockstreamShapeShiftCoinbaseRipple,
EthereumFTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.

——————————————————–


Click Here For The Original Story From This Source.

National Cyber Security

FREE
VIEW