Even though human beings are smart beyond all known limits, the whole dynamic hasn’t proved itself enough to save us from our own limitations. This would expectantly go on to produce a string of detrimental ripple effects. Now, when you are dealing with such a sizeable risk, you naturally start to prefer some semblance of protection along the way. We will, on our part, get that desired safety once we bring dedicated regulatory bodies into the fold. Having a well-defined authority within each and every area was a game-changer, as it instantly gave us a direction that we never had before. However, the stated structure won’t be there for very long. In fact, it was gone the moment technology arrived on the scene. Technology felt like a problem from the get-go mainly because of its layered nature and how it would allow just anyone to exploit others with unmatched ease. This element went against everything that we had achieved under regulatory stewardship. Fortunately, though, the tables will turn again. The same has been wholly apparent across a few recent cases, and one more piece of evidence now looks set to join the list.
IRA Financial Trust, a platform that lets users save for retirement in alternative assets like cryptocurrency, has officially filed a lawsuit against Gemini cryptocurrency exchange over inadequate protection of customers. The lawsuit is predicated upon a theft that hit Gemini back in February 2022, taking a whopping $36 million worth of cryptocurrency away. According to IRA, the crypto exchange pressured it into using Gemini API rather than the web-based platform so to better handle the customer inflow. However, the API came with a master key, which if infiltrated, could make it very easy for the hacker to “transfer and withdraw crypto assets without getting a client’s second-factor authorization.” This failed to inspire any caution, as Gemini still provided IRA with the master key through unencrypted emails, therefore making the trust’s funds vulnerable to an eventual attack. If available details are factual, the bad actors carried out the whole operation by “transferring tens of millions of dollars’ worth of Bitcoin and Ether belonging to hundreds of customers into a single customer retirement account, and then withdrawing all such assets.”
The complaint goes on to claim that even when Gemini was explicitly notified about the breach, it failed to freeze the relevant accounts in time. Nevertheless, Gemini has refuted all the accusations.
“We reject the allegations in the lawsuit,” said Gemini spokesperson, Natalie Rix. “This attack targeted IRA Financial systems — not Gemini. No Gemini systems were compromised by the incident and we acted quickly to assist IRA Financial with their breach.”
Apart from this one, Gemini is also dealing with a lawsuit from CFTC that fixates on a misinterpretation of exchange and futures contract.