Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

Google Sync Exploit Costs $15M to Cryptocurrency Custodian

What Happened

A hacking group exploited a Google Account Sync vulnerability to execute a voice phishing scam targeting cryptocurrency custodian Fortress Trust. The attack led to the loss of $15 million worth of customer funds.

Google has since updated Google Authenticator to address the vulnerability.

While the identity of the hackers remains unclear, the attack shares similarities with previous activities attributed to the financially motivated threat group known as 0ktapus, Scattered Spider, and UNC3944.

How It Happened

A sophisticated hacking group targeted cryptocurrency firms by exploiting a critical vulnerability in Google Authenticator, where MFA codes were synced to the cloud, allowing attackers to obtain all MFA codes.

They employed a combination of phishing, social engineering, and deepfakes to trick employees into giving up their credentials.

The hackers targeted Retool, a software development platform used by Fortune 500 companies, including Amazon, DoorDash, and Lyft.

The sequence of events:

  1. Employees received SMS-based phishing messages appearing to come from the company’s IT team, instructing them to access a legitimate-looking link to address payroll and open enrollment issues.
  2. One employee fell for the attack and handed over their credentials and multi-factor authentication (MFA) data.
  3. The attackers used deepfake technology to mimic an employee’s voice during a follow-up phone call, leading to the employee inadvertently providing the attacker with an additional MFA code.
  4. With the MFA code, the hacker gained access to the employee’s Okta account, allowing them to add their own device.

U.S. agencies CISA, FBI, and NSA have published a cybersecurity report highlighting the growing threat of deepfake technology in various malicious activities, emphasizing the need for awareness and preventive measures.

Key recommendations include:

  • Implementing technologies for detecting deepfakes and verifying media provenance in real time.
  • Utilizing passive detection techniques to identify malicious deepfake activities.
  • Protecting high-priority officers and their communications.
  • Minimizing the impact of deepfake techniques through information sharing, response planning, and personnel training.
  • Preparing to address phishing attempts using deepfakes.
  • Involvement in public and private consortia focused on building resilience against deepfake threats, such as the Coalition for Content Provenance and Authenticity and Project Origin.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.