IRA Financial 'Swatted' at Time of $36M Crypto Hack, Police Officer Tells Victim

The detail adds another layer of intrigue to the seemingly inexplicable hack of IRA Financial Trust, an institutional partner of the Gemini exchange.

AccessTimeIconFeb 24, 2022 at 10:58 p.m. UTC

Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.

IRA Financial Trust was being “swatted” at the time the retirement investment company was hacked for $36 million worth of cryptocurrency, according to a local police account obtained by CoinDesk.

A detective at the Sioux Falls police department recounted the chain of events to a victim of the hack in a Feb. 15 voicemail reviewed by CoinDesk. Officers responded to reports of an alleged “robbery” in progress at IRA Financial Trust’s offices in the South Dakota city on the afternoon of Feb. 8, the detective said.

Police officers quickly determined the robbery call was bogus, the detective said. He described the incident as “swatting”: the practice of tricking police into responding to a nonexistent crisis.

There was a robbery, however – but it was happening in cyberspace, not the Midwest.

“What we were then informed of was that once the employees returned to their desks, after, like, while this ‘robbery’ was taking place or whatever, once they got back to their desks, they all found that customers’ accounts had been hacked into and that money was actively being taken at that time,” the officer said in the voicemail. He did not immediately respond to a request for comment from CoinDesk.

He said in the voicemail that IRA Financial soon managed to stop the money drain. “But by that point roughly a number of minutes had passed and a lot of damage had been done. They reported hundreds of victims as a result of this.”

The officer said he was sharing this information with the victim because "it doesn’t appear that [IRA Financial is] telling their customers very much."

In a statement, IRA Financial Trust said it was “aware” of the law enforcement’s recounting of events.

“Coordinated efforts like these emphasize the growing sophistication of cybercrime that make cyber threats both difficult to prevent and challenging to recover from,” the company said. “We are currently dedicating our attention and efforts to our active investigation and the potential recovery of funds through civil and law enforcement resources. To preserve the integrity of our investigation, we cannot provide further comment or details at this time.”

A baffling break-in

The detail adds another layer of intrigue to the seemingly inexplicable hack of IRA Financial Trust, an institutional partner of the Gemini exchange servicing retirement-minded crypto investors. Gemini, a $7 billion company that touts its security chops, has denied responsibility, instead blaming IRA Financial for the loss of millions of dollars in crypto.

Victims who spoke with CoinDesk said the hack should have been impossible. They described imposing strict controls on their Gemini accounts, including withdrawal address whitelisting, two-factor authentication, email notifications and other steps that they thought would stymie hackers.

A source close to Gemini previously said the company makes those safeguards available to institutional customers in order to prevent such incidents. It is unclear how those protocols were compromised on Feb. 8.

“From the end user perspective it's like, ‘Hey Gemini, if you're going to show us that we have whitelisted withdrawals and that’s not true, you are misleading us,’” said one victim who asked not to be named.

Gemini declined to comment.

The Sioux Falls detective said in the voicemail that the case was being handled by the FBI cybercrimes division. The FBI did not immediately respond to a request for comment.


DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.

CoinDesk - Unknown

Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.

Trending

1
CoinDesk - Unknown
Lending Platform Vauld Looks to Restructure Amid Crypto Downturn, Suspends Transactions

Vauld has seen withdrawals of around $198 million since June 12.

CoinDesk - Unknown
2
CoinDesk - Unknown
Solana DeFi Protocol Crema Loses $8.8M in Exploit

Crema Finance developers said they are coordinating with “relevant organizations” to gather more information.

CoinDesk - Unknown
3
CoinDesk - Unknown
Software Firm Meitu Lost Up to $52.3M in H1 Due to Slide in Crypto Prices

The app developer had bought 940.89 BTC and 31,000 ETH in spring of 2021.

CoinDesk - Unknown
4
CoinDesk - Unknown
Argentines Take Refuge in Stablecoins After Economy Minister Resignation

Major crypto exchanges reported that consumers purchased up to three times as many stablecoins over the weekend as they usually do amid a brewing economic crisis.

CoinDesk - Unknown