Gemini allegedly never notified IRA of the security threat posed by the master key of their API.
IRA Financial, a company that provides services for self-directed retirement and pension funds, is suing crypto exchange Gemini over its failure to prevent the hack of $36 million of IRA customer money in February.
The lawsuit claims Gemini insisted that IRA use a system containing a single point of failure, which cybercriminals were easily able to exploit.
Proceeds from the lawsuit will be used to reimburse IRA customers.
Gemini is being sued for allegedly providing IRA Financial an onboarding system with a single point of failure, which allowed the theft of $36 million in IRA customer money. The exchange is also accused of failing to freeze accounts quickly enough.
Hack Was Possible Due To Single Point Of Failure
IRA Financial Trust (IRA) is suing Gemini over the February 2022 hack that saw $36 million of IRA customers’ money siphoned from the cryptocurrency exchange.
As stated in its press release, IRA, a U.S. platform for self-directed retirement and pension accounts, alleges in the lawsuit that Gemini “did not have proper safeguards in place to protect customer crypto assets” and “failed to freeze accounts within a sufficient [time-frame]” after IRA had alerted Gemini to the theft.
Gemini is a cryptocurrency exchange based in New York. It was co-founded by Tyler and Cameron Winklevoss and is one of the United States’ top exchanges.
According to IRA, Gemini insisted that the company use Gemini’s application programming interface (API) to streamline customer onboarding, while failing to disclose to IRA that the API contained a single point of failure: a master account, controlled by a master key, under which “all of Gemini’s IRA customers were sub-account holders.”
The criminals, the lawsuit states, were presumably able to obtain the master key from unencrypted emails between Gemini and IRA. On Feb. 8, the hackers may have falsely reported a kidnapping in IRA’s South Dakota offices to the police department (which then sent a SWAT team to respond to the situation) in a maneuver to distract IRA employees from the theft. They then used the master key to consolidate the funds from all sub-accounts into one before withdrawing the entire amount. Gemini’s anti-fraud systems were not alerted to the transfers.
IRA states that proceeds from the lawsuit against Gemini will be used to reimburse IRA customers.
This is the second time in less than a week that a lawsuit has been brought against Gemini. The U.S. Commodity Futures Trading Commission (CFTC) is also suing Gemini for making false or misleading statements concerning its plans for a Bitcoin futures product during an evaluation in 2017.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.