Gemini Exchange Sued by Retirement Investment Firm Over $36M Hack

Key Insights:

  • IRA Financial holds Gemini responsible for a $36 million hack of its client accounts in February.
  • The suit claims that there was a ‘fatal flaw’ in Gemini’s API.
  • Gemini refutes the allegations, claiming that it acted to mitigate losses.

The Winklevoss twins’ fully regulated Gemini exchange is the latest to land in hot water this week. On June 6, retirement investment company IRA Financial filed a lawsuit against Gemini Trust Company for failing to protect its clients following a hack earlier this year.

On February 8, hackers began siphoning IRA clients’ accounts, withdrawing Bitcoin (BTC), Ethereum (ETH), and U.S. dollars, stealing as much as $36 million before the attack was spotted. IRA Financial was using Gemini’s architecture to secure clients’ crypto accounts.

According to Gemini, IRA was responsible for the losses as the transfers were made “by utilizing properly authenticated accounts” controlled by IRA that “complied with IRA’s approval processes and appeared to Gemini to be legitimate.”

However, the financial investment firm begs to differ, stating in the suit:

“In reality, Gemini’s greedy focus on lining its owners’ pockets at the expense of security caused tens of millions of dollars in damages to customers and to IRA.”

Master Key Fatal Flaw

The suit alleges that IRA changed from Gemini’s online platform to its API (Application Programming Interface) to streamline the account opening process.

It also claims that the API had a “fatal flaw” and a “single point of failure,” which, if exploited, allowed a bad actor to “steal all crypto assets held by the customers of an institutional customer, like IRA.” The alleged flaw granted access to a “master key” that could access all sub-accounts under IRA’s master Gemini account. Gemini never informed IRA about this master key, the suit claims.

Eric Ostroff, attorney for the investment firm, said that “Gemini’s platform inexplicably had a single point of failure that allowed criminals to steal tens of millions of dollars of crypto assets from customer retirement accounts.”

Communications lead at Gemini, Natalie Rix, disputed the allegations, stating that “as soon as IRA Financial notified us of their security incident, we acted quickly to mitigate the loss of funds from their accounts.”

The blame game has been going on for months while the theft victims have yet to see any sign of compensation.

Gemini has been downsizing recently as the bear market bites deeper. Last week the firm announced it was slashing 10% of its workforce in light of the coming crypto winter.

A Bad Day For Binance

Gemini is not the only crypto exchange getting into hot water this week. The world’s largest exchange, Binance, has come under the spotlight of the U.S. Securities and Exchange Commission over its BNB token.

The SEC, which assumes all cryptocurrencies to be securities, claims that Binance held an unregistered token sale of BNB in 2017. The move appears similar to the one the regulator has taken against Ripple over its XRP sale.

In reality, crypto assets have yet to be officially defined and classified in the United States.