After the CFTC, the Gemini Trust Co. has now been sued by the IRA over the former’s failure to prevent a hack that resulted in pension fund losses amounting to $36 million.
IRA Sues Gemini
The crypto exchange started by the Winklevoss twins has yet again landed itself in legal trouble. This time it is being sued by IRA Financial, a retirement investment company that has accused the Gemini of a flawed onboarding program. The lawsuit states that the onboarding system had a single point of failure, which led to the theft of $36 million of retirement funds back in February. Furthermore, the lawsuit also blames the exchange for not freezing the accounts with sufficient swiftness, thus allowing more funds to leak out. IRA is hoping to reimburse all its customer funds from the proceeds of the lawsuit.
IRA Blames Single Point Of Failure
The IRA has claimed that the customer onboarding system was facilitated by the exchange’s application programming interface (API) at the insistence of the team at Gemini. However, it was not disclosed that the API contained a single point of failure, which the hackers managed to exploit. The crack in the system refers to a master account that contained all of Gemini’s IRA accounts. The master account, in turn, was controlled by a master key, and anybody who had access to the master key would naturally be able to access all the IRA funds in the sub-accounts.
Where Did Gemini Fail?
The lawsuit pointed out that the hackers were able to somehow obtain the master key from unencrypted emails between Gemini and IRA. They then caused a distraction at the IRA’s South Dakota offices via a falsely reported kidnapping. They took that opportunity to use the master key and gain access to the master account. The hackers then channeled all the funds from the sub-accounts into one and finally withdrew the whole amount before anyone could notice the suspicious behavior. In total, they stole around $36 million worth of crypto, of which $21 million was in Bitcoin and $15 million in Ethereum. Furthermore, the entire transaction happened without triggering Gemini’s anti-fraud systems.
Gemini Rejects Claims Of IRA, CFTC
This is the second lawsuit brought against Gemini in less than a week. On June 2, the Commodity Futures Trading Commission (CFTC) announced it had filed a complaint in the U.S. District Court for the Southern District of New York against Gemini for making false or misleading statements about its product - Bitcoin-based derivatives. Gemini has vehemently denied the allegations of both lawsuits and has even released a statement addressing the claims of the CFTC.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.