On Monday, IRA Financial Trust, a platform providing self-directed digital asset retirement and pension accounts, filed a lawsuit against cryptocurrency exchange Gemini for alleged negligence in protecting clients’ digital assets during a serious exploit. The firm’s client accounts were placed in Gemini’s custody. On February 8, a breach resulted in the withdrawal of $36 million in crypto assets from customers’ accounts via unauthorized withdrawals.
Since then both the companies have been accusing each other of being responsible for the loss of funds. To complicate matters, an allegedly fake 911 call coincided with the time of the hack, which distracted several employees of IRA Financial Trusts from their desks. To avoid single points of failure in its security systems, Gemini has several security features such as two-factor authentication, whitewashing of withdrawal addresses and fraud detection algorithms.
However, the Ira Financial Trust alleged that instead there was a single point of failure in Gemini’s API system. The firm claimed that a mastery key exists for customers’ accounts with the ability to bypass all built-in security measures. “The hackers were able to gain control of the IRA’s master key by committing a crime.” The release simply claimed.
One scenario is that a series of alleged unencrypted, unsecured e-mail exchanges between Gemini and IRA Financial Trust served as the backdrop for the breach. Ira Financial Trust denies that it was informed by Gemini about the power of the “master key” in the first place. The lawsuit comes less than a month after both sides attempted to settle the issue out-of-court.
Cointelegraph reached out to representatives for Gemini for comment, but did not hear back in time for publication.