New Google cloud sync feature implicated in $15M crypto heist at Ripple-owned Fortress Trust

• Software development company Retool has attributed the hack of crypto custodian Fortress Trust to a recently introduced Google Account cloud synchronization feature.
• The breach resulted in the compromise of all 27 cloud customer accounts, leading to a loss of $15 million for Fortress Trust.
• The hack began with an SMS social engineering attack targeting Retool's employees, where malicious links were sent pretending to be from the IT team.
• One employee unknowingly entered their credentials on a fake landing page, allowing the hackers to obtain a multifactor authentication code through a deepfake voice call.
• The hackers gained access to the internal admin system by activating Google Authenticator cloud sync, enabling them to take control of customers' accounts.

The article highlights a significant security breach that resulted in financial loss for a crypto custodian. It also emphasizes the increasing sophistication of social engineering attacks and the need for stronger security measures.