Fortress Trust made Fireblocks aware of an incident on Monday, August 28, which took place on their platform. 

According to Fortress’ security team, a third-party provider was internally breached. As a result, a malicious actor managed to use the compromised tool to interact with Fortress’ platform on behalf of Fortress’ users. The breach happened outside of the Fireblocks’ platform, and Fireblocks’ key management system, authorization, and policy engines were able to drastically minimize the size and reach of the impact on customer funds. 

Fireblocks has been assisting the Fortress team since the day of the breach. This breach did not affect any other Fireblocks customer. We can confirm that the breach happened on a third-party service with a preconfigured automated authorization and that the Fireblocks platform behaved according to the configuration and rules as intended by Fortress and blocked the transactions after the pre-configured limit was reached.

We continue to offer assistance to the Fortress team and will provide updates to customers as necessary and as we learn more about the situation.