Fortune
Jeff John Roberts

Ripple's deal for Fortress included a bailout for customers who had been hacked

man in suit and tie speaking onstage (Credit: Stefan Wermuth—Bloomberg/Getty Images)

The irony is so thick, I don't know where to begin. Right after I published a column on Monday decrying the sorry state of crypto security, The Block reported that Ripple's latest acquisition came with an unusual twist—namely that the firm in question had been hacked. The name of the firm? Fortress. Seriously, the satire just writes itself some days.

The details are still trickling out, but it looks as though hackers robbed Fortress, a firm that promises to securely handle your crypto operations, by compromising one of its third-party vendors. This is a popular tactic with cybercriminals—instead of hacking a target directly, they target one of its business partners with weaker security and then use the partner's access to burrow into the target's operations. While this means Fortress can try and blame a third party for the incident, any firm that's serious about security knows to guard against this type of vulnerability—especially when its name is Fortress and its business includes custody, or protecting assets on behalf of its customers.

Fortress appears to have made matters worse by not coming clean about what happened or saying how much money was lost. Mike Belshe, a longtime crypto veteran who runs the custody firm BitGo that provides services to Fortress (but was not affected by the hacking incident), took to X to call out the company for lying. This is another screwup by Fortress since being candid about when a breach occurs is another thing companies that take security seriously are supposed to do.

A final maddening detail from this episode is that the guy behind Fortress, Scott Purcell, is the same guy behind Prime Trust. If you follow the industry closely, you may recall that Prime Trust raised $64 million in funding to act as a bank-like entity for crypto firms but then was shut down by Nevada regulators for losing at least $70 million worth of customer funds. Why on earth did anyone entrust a guy like this with their money?

If there's a silver lining in all of this, it's that for once the customers are not among those hurt by a crypto firm's careless security. That's thanks to Ripple, which was in negotiations to buy Fortress when the hack came to light, and agreed to make customers whole as part of the deal. Let's hope Ripple got a good price.

Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
