Earlier this year, cybercriminals ran off with about $36 million in crypto assets from IRA Financial retirement accounts on the Gemini crypto exchange.
In a lawsuit filed Monday against the Gemini Trust Company, IRA Financial alleged Gemini did not deliver on its contracted promise of security for its crypto assets on the defendant’s crypto exchange.
Gemini Breach: How Millions of IRA Retirement Funds Were Siphoned Off
Gemini is the crypto exchange led by Cameron and Tyler Winklevoss, or the Winklevoss twins. IRA Financial was using Gemini’s architecture to secure users’ accounts, when on Feb. 8 an unscrupulous user began withdrawing bitcoin, ether and U.S. dollars from dozens of users, stealing millions before the hack was spotted, according to reports.
Gemini first pointed blame on IRA for the hack, claiming the transfers were made “by utilizing properly authenticated accounts” that IRA controlled complying “with IRA’s approval processes” and appeared to the crypto exchange “to be legitimate.”
Read Also: Crypto Scam: Meme Coin Tsuzuki Inu Steals $1.1 Million From Investors
The lawsuit alleges that IRA switched from Gemini’s online client to its Application Programming Interface to streamline customer onboarding. That API, it said, had a “fatal flaw,”- a master key that could access all sub-accounts to IRA’s master Gemini account. The suit says that whoever had access to the master key can withdraw crypto assets without second-factor authentication. IRA further alleges Gemini never told the company about the master key.
IRA lawyer Eric Ostroff said in that Gemini’s platform had “a single point of failure” allowing cybercriminals to pocket tens of millions of dollars of crypto assets from customer retirement accounts.
In a statement, Gemini rejected the lawsuit’s allegations, describing their security standards “the highest in the industry.” It further claimed that when IRA Financial notified them of the security breach, Gemini acted quickly to “mitigate the loss of funds from their accounts.”
Users Remain Uncompensated After Data Breach, Class Suit Filed Against Gemini, IRA
Amidst the blame game between Gemini and IRA, users were left hanging for months. As they are still not recompensated for the loss. IRA Financial said it would use funds won in its Gemini lawsuit to reimburse victims.
A class action lawsuit filed against both companies in California federal court last March states that both companies are to be blamed for the data breach, and that neither have acted on compensating victims.
Despite this breach, some financial companies are still considering crypto investments for their retirement savings. Fidelity Investments for its part said it is allowing investors to save some of their 401(k) in Bitcoin.
FTC: About $1B Lost from Crypto Scams, 60 Times Worse Than Four Years Ago
A recent report by the U.S. Federal Trade Commission shows Americans have lost over $1 billion in crypto so far this year, mostly from scams. The rate of losses was over 60 times higher than was reported just four years ago.
Related Article: Crypto Scams: How to Spot Fraud Cryptocurrencies Like SQUID, Tsuzuki Inu