The preliminary stages of seeking evidence are underway in a $ 36 million lawsuit between IRA Financial Trust, a leading platform for self-managed retirement accounts, and Gemini Trust Company, a provider of cryptocurrency exchange wallets and custody.
According to the complaint, IRA claims that Gemini has not provided adequate safeguards to protect IRA Financial clients' cryptocurrency assets held on the Gemini exchange. Furthermore, the lawsuit claims that Gemini did not freeze the accounts within a sufficient amount of time immediately following the incident. It is alleged that Gemini's inability to react quickly allowed cyber-hackers to continue to steal funds from client accounts on Gemini's stock exchange for hours after IRA was notified to Gemini.
“IRA Financial filed this lawsuit because, contrary to Gemini's numerous public statements about safety priority, Gemini's platform inexplicably had a single point of failure that allowed criminals to steal tens of millions of dollars worth of cryptocurrencies from retirement accounts. customers. This legal action seeks to remedy the extensive damage suffered by the IRA. IRA is looking forward to proving his claims in court, ”Eric Ostroff, IRA's legal counsel, said in the official announcement of the lawsuit.
Alleged single point of failure
A key element of the lawsuit is IRA Financial's claim that, despite the highly publicized multi-layered approach to security, Gemini has created a “master key” for the IRA Financial account. He would later hide all of the IRA client accounts under that single key as sub-accounts, creating a single point of entry that the hackers had to compromise, which they did.
“In particular, Gemini never informed IRA of the power of this master key. Instead, Gemini itself handled the IRA's master key as if it were trivial information, repeatedly exchanging unsecured and unencrypted e-mails containing the master key with the IRA. The Gemini system not only housed a single point of failure, but also contained a generalized vulnerability that allowed a breach of a single customer account to spread to all accounts, ”the complaint read.
In a recent media article, a Gemini spokesperson denied the allegations and said the lawsuit was unsubstantiated, stating, “Our safety standards are among the highest in the industry and we are constantly updating them to ensure that our customers are always protected. In this case, as soon as IRA Financial notified us of their security incident, we acted swiftly to mitigate the loss of funds from their accounts, ”as quoted in the media article.
The complaint goes on to state that the hackers managed to steal tens of millions of dollars in Bitcoin and Ethereum respectively. IRA Financial agrees to reimburse clients with the proceeds recovered from the Gemini lawsuit.