IRA Financial Sues Gemini Over $37M Crypto Heist

The lawsuit corroborates earlier reporting that hackers deployed a police SWAT team as “a ruse to distract IRA employees” on the day of the attack.

AccessTimeIconJun 7, 2022 at 2:56 p.m. UTC

Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.

IRA Financial Trust, the crypto retirement account provider that in February lost $37 million to theft, sued Gemini – its custodian and trading partner – for allegedly sloppy security protocols that it claimed led to its customers’ accounts getting drained.

In a civil suit filed Monday in Federal district court, the South Dakota-based company pointed the finger squarely at Gemini for a hack that’s left dozens of retirement savers in disarray. Some of its clients previously told CoinDesk they had picked IRA Financial largely because of its association with the Winklevoss twins’ name-brand crypto exchange.

The IRA Financial complaint alleges that Gemini failed to protect its clients’ assets, claiming that a series of security steps all failed once thieves exploited IRA Financial’s “master key” on Feb. 8.

“IRA has since learned – the hard way, as explained below – that whoever possesses the master key can bypass all the supposed security protections,” the complaint said. “Gemini never informed IRA about the power of this master key.”

“We reject the allegations in the lawsuit,” a Gemini spokesperson told ConDesk. “Our security standards are among the highest in the industry and we are constantly updating them to ensure our customers are always protected. In this matter as soon as IRA Financial notified us of their security incident we acted quickly to mitigate the loss of funds from their accounts.”

Heist details

The lawsuit sheds little light on how thieves got a hold of the master key but it does corroborate CoinDesk’s February reporting that a SWAT team descended on IRA Finanical’s headquarters on the day of the hack.

“The police later informed IRA that they believe the call was a ruse to distract IRA employees,” the complaint said.

The hack itself saw thieves drain IRA Financial client accounts one by one. This piecemeal pilfering went on for two hours on Feb. 8 as IRA claimed it tried and failed to get Gemini to freeze all accounts. Millions of dollars were stolen in the interim, IRA Financial claimed.

IRA Financial’s legal action adds another headache to Gemini’s mounting woes. The clients, too, could mount a fight; when CoinDesk last made contact with a group of hack victims in February they were shopping for lawyers in an attempt to get their money back.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.

CoinDesk - Unknown

Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.