On Monday, IRA Financial Trust, a platform that offers self-managed digital asset retirement and pension accounts, has filed a lawsuit against cryptocurrency exchange Gemini for alleged negligence in safeguarding customers’ digital assets during a critical exploit. The accounts of the company’s clients were in the custody of Gemini. On February 8, a security breach led to the diversion of $36 million in crypto assets from customer accounts through unauthorized withdrawals.
Both companies have since blamed each other for being responsible for the loss of the funds. To further complicate matters, an alleged hoax emergency call coincided with the time of the hack that distracted many IRA Financial Trusts employees from their desks. To prevent single points of failure in its security systems, Gemini has multiple security features in place, such as two-factor authentication, withdrawal address whitelisting, and fraud detection algorithms.
Nevertheless, IRA Financial Trust argued that instead there was a single point of failure in Gemini’s API systems. The company claimed that there was a master key for customer accounts with the ability to bypass all built-in security measures. “The hackers were able to gain control of the IRA master key by committing crimes.” The statement was limited to stating.
One of the hypotheses is that a series of alleged unencrypted and unsecured email exchanges between Gemini and IRA Financial Trust provided the background for the attack. IRA Financial Trust denies being tipped off by Gemini about the “master key” power in the first place. The lawsuit comes less than a month after both sides tried to resolve the matter without going to court.
Gemini representatives told Cointelegraph: “We deny the allegations in the lawsuit. Our security standards are among the highest in the industry and we constantly update them to ensure our customers are always protected. In this matter, as soon as IRA Financial notified us of their security incident, we acted quickly to mitigate the loss of funds from their accounts.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.