At the time of publication, it is unclear if investors will have any recourse to recover the funds.
IRA filed a lawsuit against Gemini cryptocurrency exchange for allegedly negligence in protecting customers’ digital assets during a critical exploit. Gemini held the firm’s client accounts. A breach resulted in the theft of $36,000,000 worth crypto assets via unauthorized withdrawals from customer accounts.
Both companies have since blamed one another for the loss. An allegedly fake 911 call was made at the same time as the hack, which distracted many employees of IRA Financial Trust from their desks. Gemini has multiple security features, including whitelisting withdrawal addresses, two-factor authentication and fraud detection algorithms, to avoid any single point of failure in its security system.
IRA Financial Trust claimed that Gemini’s API systems had a single point for failure. According to the firm, clients had a master key that could bypass all security measures and allowed them to access their accounts without any restrictions. The release stated that hackers were able “to gain control over IRA’s master keys by committing crimes”.
One possibility is that the breach was caused by a series unencrypted, unsecured e mail exchanges between Gemini Financial Trust and Gemini. IRA Financial Trust claims that Gemini did not inform it about the power and significance of the “master keys”. This lawsuit is filed less than a month after both parties tried to resolve the matter out of court. IRA Financial Trust states that if it wins, it will seek damages to compensate investors.
Gemini representatives told Cointelegraph that they reject the allegations made in the lawsuit. We have the best security standards in the industry, and we keep them up to date to make sure our customers are protected. We acted swiftly to prevent the funds being withdrawn from their accounts after IRA Financial notified them of their security breach.
