Crypto retirement provider IRA Financial sues Gemini over $37 million heist that led to customers’ accounts getting drained
Danny Nelson | June 7, 2022
IRA Financial Trust, the crypto retirement account provider that in February lost $37 million to theft, sued Gemini—its custodian and trading partner—for allegedly sloppy security protocols that it claimed led to its customers’ accounts getting drained.
In a civil suit filed Monday in federal district court, the South Dakota-based company pointed the finger squarely at Gemini for a hack that’s left dozens of retirement savers in disarray. Some of its clients previously told CoinDesk they had picked IRA Financial largely because of its association with the Winklevoss twins’ name-brand crypto exchange.
The IRA Financial complaint alleges that Gemini failed to protect its clients’ assets, claiming that a series of security steps all failed once thieves exploited IRA Financial’s “master key” on Feb. 8.
“IRA has since learned—the hard way, as explained below—that whoever possesses the master key can bypass all the supposed security protections,” the complaint said. “Gemini never informed IRA about the power of this master key.”
“We reject the allegations in the lawsuit,” a Gemini spokesperson told CoinDesk. “Our security standards are among the highest in the industry and we are constantly updating them to ensure our customers are always protected. In this matter as soon as IRA Financial notified us of their security incident we acted quickly to mitigate the loss of funds from their accounts.”
The lawsuit sheds little light on how thieves got hold of the master key, but it does corroborate CoinDesk’s February reporting that a SWAT team descended on IRA Financial’s headquarters on the day of the hack.
“The police later informed IRA that they believe the call was a ruse to distract IRA employees,” the complaint said.
The hack itself saw thieves drain IRA Financial client accounts one by one. This piecemeal pilfering went on for two hours on Feb. 8 as IRA claimed it tried and failed to get Gemini to freeze all accounts. Millions of dollars were stolen in the interim, IRA Financial claimed.
IRA Financial’s legal action adds another headache to Gemini’s mounting woes. The clients, too, could mount a fight; when CoinDesk last made contact with a group of hack victims in February they were shopping for lawyers in an attempt to get their money back.