- Crypto exchange Gemini and IRA Financial Trust have reached an agreement to settle a legal dispute following a 2022 cyberattack.
- IRA Financial Trust claimed substantial financial losses of $36 million in customer assets due to Gemini’s security breach.
- According to the lawsuit, IRA criticized Gemini’s security measures, particularly the design of its API.
Gemini and IRA Financial Trust settle lawsuit over $36 million cyber theft, shedding light on crypto security vulnerabilities.
Gemini and IRA Financial Trust Reach Settlement in Cybersecurity Lawsuit
Crypto exchange Gemini and self-directed retirement accounts platform IRA Financial Trust (IRA) have reportedly settled a lawsuit following a cyberattack that occurred in February 2022. The legal dispute stemmed from a security breach in which IRA claimed that $36 million worth of customer assets held in Gemini’s custody were stolen. The lawsuit was centered on accusations against Gemini’s supposedly robust security measures.
Allegations of Security Failings
In its legal claims, IRA argued that the cyber theft could have been prevented had Gemini’s security claims been accurate. A key point of contention was Gemini’s API, which was criticized for having a single point of failure. This vulnerability, the lawsuit alleged, allowed cyber attackers to steal all crypto assets managed by institutional clients such as IRA.
“Contrary to Gemini’s many representations about security, Gemini designed its API (application programming interface) with a single point of failure. If breached, this single point of failure allowed a bad actor to steal all crypto assets held by the customers of an institutional customer, like IRA,” stated the lawsuit.
Delayed Response to Cyber Attack
The lawsuit further claimed that Gemini failed to immediately secure the compromised accounts after the cyberattack. IRA asserted that they had to make numerous efforts to alert Gemini about the breach. The delay reportedly allowed hackers to continue their activities, resulting in multimillion-dollar losses.
“IRA did not have the ability to freeze crypto accounts. Once the breach was discovered, IRA had to frantically email Gemini multiple times to get the accounts frozen. Remarkably, it took six emails and nearly two hours for Gemini to freeze all customer accounts. In the meantime, millions of dollars in crypto assets were stolen,” according to IRA.
Settlement and Future Implications
After almost two years since the initial breach, both parties have agreed to a settlement. U.S. District Judge Analisa Torres approved a stipulation of dismissal, marking the formal end to the legal dispute. While the exact terms of the settlement remain undisclosed, this resolution highlights the ongoing concerns and vulnerabilities within the crypto sector’s security practices.
Conclusion
The settlement between Gemini and IRA Financial Trust underscores the critical need for robust security measures in the cryptocurrency industry. As digital assets continue to grow in popularity, ensuring the safety of assets against cyber threats becomes paramount. For stakeholders in the crypto and financial sectors, this case serves as a cautionary tale, emphasizing the importance of constant vigilance and swift action in the face of cyber threats.