The preliminary stages of uncovering evidence are underway in a $36 million lawsuit between IRA Financial Trust, a leading platform for self-directed retirement and pension accounts, and the crypto exchange provider. currency and custodial portfolio, Gemini Trust Company.
According to the complaint, the IRA alleges that Gemini failed to provide appropriate safeguards to protect the crypto assets of IRA Financial clients stored on Gemini’s exchange. Additionally, the lawsuit claims that Gemini failed to freeze the accounts in sufficient time immediately after the incident. It is alleged that Gemini’s inability to respond quickly allowed cyber hackers to continue siphoning funds for hours from customers’ accounts on the Gemini exchange after the IRA notified Gemini.
“IRA Financial filed this lawsuit because, contrary to Gemini’s many public statements about how it prioritizes security, Gemini’s platform inexplicably had a single point of failure that allowed criminals to steal tens of millions of dollars in crypto assets in clients’ retirement accounts. This lawsuit seeks to repair the massive damages suffered by the IRA. The IRA looks forward to proving its claims in court.” said Eric Ostroff, legal adviser to the IRA, quoted in the official lawsuit announcement.
Alleged single point of failure
A key part of the lawsuit is IRA Financial’s claim that despite Gemini’s highly publicized layered approach to security, it created a “master key” for the IRA Financial account. It would then hide all IRA client accounts under that single key as sub-accounts, creating a solitary entry point for hackers to compromise – which they did.
“Critically, Gemini never informed the IRA of the power of this master key. On the contrary, Gemini itself treated the IRA master key as if it were trivial information , repeatedly exchanging insecure and unencrypted emails with the IRA containing the master key.Not only did Gemini’s system harbor a single point of failure, it also contained a root-catch vulnerability that allowed a breach from a single customer account to metastasize to all accounts,” the complaint reads.
In a recent media report, a spokesperson for Gemini refuted the allegations and said the lawsuit was without merit, stating, “Our security standards are among the highest in the industry and we are constantly updating them to ensure that our customers are always protected. as soon as IRA Financial notified us of their security incident, we acted quickly to mitigate the loss of funds from their accounts,” as quoted in the news article.
The complaint goes on to state that the hackers got away with tens of millions of dollars worth of Bitcoin and Ethereum respectively. IRA Financial agrees to reimburse customers with proceeds recovered from the Gemini litigation.
Earn a $50 bitcoin bonus
Our updated list of the best cryptocurrency apps for 2022 is packed full of best-in-class choices. The cryptocurrency apps that landed on our shortlist include perks like $0 commissions and a choice that offers a $50 bitcoin bonus. Check out the list here and start your crypto journey today.
Get the best choices
We are firm believers in the Golden Rule, which is why editorial opinions are our own and have not been previously reviewed, approved or endorsed by the advertisers included. The Ascent does not cover all offers on the market. The editorial content of The Ascent is separate from the editorial content of The Motley Fool and is created by a different team of analysts. Tor Constantino holds positions in Bitcoin and Ethereum. The Motley Fool has positions and recommends Bitcoin and Ethereum. The Motley Fool has a disclosure policy.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.