IRA Financial 'Swatted' at Time of $36M Crypto Hack, Police Officer Tells Victim

The detail adds another layer of intrigue to the seemingly inexplicable hack of IRA Financial Trust, an institutional partner of the Gemini exchange.

Feb 24, 2022 at 10:58 p.m. UTC
Updated May 11, 2023 at 6:38 p.m. UTC

IRA Financial Trust was being “swatted” at the time the retirement investment company was hacked for $36 million worth of cryptocurrency, according to a local police account obtained by CoinDesk.

A detective at the Sioux Falls police department recounted the chain of events to a victim of the hack in a Feb. 15 voicemail reviewed by CoinDesk. Officers responded to reports of an alleged “robbery” in progress at IRA Financial Trust’s offices in the South Dakota city on the afternoon of Feb. 8, the detective said.

Police officers quickly determined the robbery call was bogus, the detective said. He described the incident as “swatting”: the practice of tricking police into responding to a nonexistent crisis.

There was a robbery, however – but it was happening in cyberspace, not the Midwest.

“What we were then informed of was that once the employees returned to their desks, after, like, while this ‘robbery’ was taking place or whatever, once they got back to their desks, they all found that customers’ accounts had been hacked into and that money was actively being taken at that time,” the officer said in the voicemail. He did not immediately respond to a request for comment from CoinDesk.

He said in the voicemail that IRA Financial soon managed to stop the money drain. “But by that point roughly a number of minutes had passed and a lot of damage had been done. They reported hundreds of victims as a result of this.”

The officer said he was sharing this information with the victim because "it doesn’t appear that [IRA Financial is] telling their customers very much."

In a statement, IRA Financial Trust said it was “aware” of law enforcement’s recounting of events.

“Coordinated efforts like these emphasize the growing sophistication of cybercrime that make cyber threats both difficult to prevent and challenging to recover from,” the company said. “We are currently dedicating our attention and efforts to our active investigation and the potential recovery of funds through civil and law enforcement resources. To preserve the integrity of our investigation, we cannot provide further comment or details at this time.”

A baffling break-in

The detail adds another layer of intrigue to the seemingly inexplicable hack of IRA Financial Trust, an institutional partner of the Gemini exchange servicing retirement-minded crypto investors. Gemini, a $7 billion company that touts its security chops, has denied responsibility, instead blaming IRA Financial for the loss of millions of dollars in crypto.

Victims who spoke with CoinDesk said the hack should have been impossible. They described imposing strict controls on their Gemini accounts, including withdrawal address whitelisting, two-factor authentication, email notifications and other steps that they thought would stymie hackers.

A source close to Gemini previously said the company makes those safeguards available to institutional customers in order to prevent such incidents. It is unclear how those protocols were compromised on Feb. 8.

“From the end user perspective it's like, ‘Hey Gemini, if you're going to show us that we have whitelisted withdrawals and that’s not true, you are misleading us,’” said one victim who asked not to be named.

Gemini declined to comment.

The Sioux Falls detective said in the voicemail that the case was being handled by the FBI cybercrimes division. The FBI did not immediately respond to a request for comment.



Danny Nelson

Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.

