The preliminary stages of evidentiary discovery are underway in a $36 million lawsuit between IRA Financial Trust, a leading platform for self-directed retirement and pension accounts, and cryptocurrency exchange and custodial wallet provider, Gemini Trust Company.
According to the complaint, IRA alleges that Gemini failed to provide proper safeguards to protect the crypto assets of IRA Financial clients stored on Gemini’s trading exchange. Additionally, the lawsuit asserts that Gemini failed to freeze accounts within a sufficient time frame immediately following the incident. It’s alleged that Gemini’s failure to respond quickly allowed cyber-hackers to continue siphoning funds for hours out of customers’ accounts on the Gemini exchange after IRA notified Gemini.
“IRA Financial filed this lawsuit because, contrary to Gemini’s many public statements about how it prioritizes security, Gemini’s platform inexplicably had a single point of failure that allowed criminals to steal tens of millions of dollars of crypto assets from customer retirement accounts. This lawsuit seeks to remedy the massive damage that IRA suffered. IRA looks forward to proving its claims in court,” Eric Ostroff, legal counsel for IRA, is quoted as saying in the official announcement of the suit.
Alleged single point of failure
A key element of the lawsuit is IRA Financial’s assertion that despite Gemini’s highly publicized, multi-layered approach to security, it created a “master key” for the IRA Financial account. It then purportedly tucked all IRA client accounts beneath that single key as sub-accounts, creating a solitary entry point that hackers needed to compromise — which they did.
“Critically, Gemini never informed IRA about the power of this master key. To the contrary, Gemini itself handled IRA’s master key as if it was a mundane piece of information, repeatedly exchanging unsecured, unencrypted emails with IRA containing the master key. Not only did Gemini’s system harbor a single-point-of-failure, but it also contained a sweeping vulnerability that allowed for a breach of a single customer account to metastasize across all accounts,” the complaint reads.
In a recent media report, a spokesperson for Gemini refuted the allegations and said the lawsuit is baseless, stating, “Our security standards are among the highest in the industry and we are constantly updating them to ensure our customers are always protected. In this matter as soon as IRA Financial notified us of their security incident we acted quickly to mitigate the loss of funds from their accounts,” as quoted in the media article.
The complaint goes on to state that hackers made off with tens of millions of dollars worth of Bitcoin and Ethereum respectively. IRA Financial pledges to reimburse clients with proceeds recovered from the Gemini litigation.
Earn a $50 bitcoin bonus
Our updated list of the best cryptocurrency apps for 2022 is packed with best-in-class picks. The cryptocurrency apps that landed on our shortlist include perks such as $0 commissions, and one pick that is offering a $50 bitcoin bonus. Check out the list here and get started on your crypto journey, today.
We’re firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers.
The Ascent does not cover all offers on the market. Editorial content from The Ascent is separate from The Motley Fool editorial content and is created by a different analyst team.Tor Constantino has positions in Bitcoin and Ethereum. The Motley Fool has positions in and recommends Bitcoin and Ethereum. The Motley Fool has a disclosure policy.