IRA Financial Trust, the crypto retirement account provider that in February lost $37 million to theft, sued Gemini – its custodian and trading partner – for allegedly sloppy security protocols that it claimed led to its customers’ accounts getting drained.
In a civil suit filed Monday in Federal district court, the South Dakota-based company pointed the finger squarely at Gemini for a hack that’s left dozens of retirement savers in disarray. Some of its clients previously told CoinDesk they had picked IRA Financial largely because of its association with the Winklevoss twins’ name-brand crypto exchange.
The IRA Financial complaint alleges that Gemini failed to protect its clients’ assets, claiming that a series of security steps all failed once thieves exploited IRA Financial’s “master key” on Feb. 8.
“IRA has since learned – the hard way, as explained below – that whoever possesses the master key can bypass all the supposed security protections,” the complaint said. “Gemini never informed IRA about the power of this master key.”
“We reject the allegations in the lawsuit,” a Gemini spokesperson told ConDesk. “Our security standards are among the highest in the industry and we are constantly updating them to ensure our customers are always protected. In this matter as soon as IRA Financial notified us of their security incident we acted quickly to mitigate the loss of funds from their accounts.”
The lawsuit sheds little light on how thieves got a hold of the master key but it does corroborate CoinDesk’s February reporting that a SWAT team descended on IRA Finanical’s headquarters on the day of the hack.
“The police later informed IRA that they believe the call was a ruse to distract IRA employees,” the complaint said.
The hack itself saw thieves drain IRA Financial client accounts one by one. This piecemeal pilfering went on for two hours on Feb. 8 as IRA claimed it tried and failed to get Gemini to freeze all accounts. Millions of dollars were stolen in the interim, IRA Financial claimed.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.