Key Takeaways:
- IRA Financial Hacked for $36M in Bitcoin and Ethereum.
- Hackers stole $21 million in Bitcoin and $15 million in Ethereum from IRA Financial Trust retirement accounts on February 8.
- IRA Financial Trust Tweeted that it has discovered suspicious activity that has affected a limited subset of its customers with accounts on the Gemini cryptocurrency exchange.
IRA Financial hacked for $36M. According to a Bloomberg report based on an anonymous source, hackers stole $21 million in Bitcoin and $15 million in Ethereum from IRA Financial Trust retirement accounts on February 8. For nearly a week, the FinTech startup, which manages individual retirement accounts in non-traditional assets, has been dealing with allegations of a major hack.
On February 8, 2022, IRA Financial Trust tweeted that it had discovered suspicious activity that has affected a limited subset of its customers with accounts on the Gemini cryptocurrency exchange. They further noted that We have provided individual notification to all affected customers and have separately notified non-impacted customers. Due to the ongoing investigation, we cannot comment on individual queries. The same notice now appears on its website.
People joined IRA Financial Trust intending to accumulate a cryptocurrency nest egg. But, sadly, some of the users said that their retirement accounts were drained, frozen and locked, and they have very little explanation of what will happen next. It’s been nearly a week since an apparent security breach threw IRA Financial’s clients into a panic mode with over $36 million of peoples retirement savings in jeopardy. But unfortunately, there has been no full explanation from either IRA Financial or Gemini.
IRA Financial or Gemini was the crypto exchange owned by the Winklevoss twins, Cameron and Tyler, and custodian where their crypto was held. They’ve begun organizing a response to crypto’s latest hack. Users, who appear to number in the dozens, had begun contacting news organizations and regulators, asking how they lost potentially millions of dollars on February 8, when an apparent bad actor began withdrawing funds from Gemini in bulk.
The apparent victims tell that they are caught in a tangle of incomplete facts that only complicate an already complicated situation. Even the most basic details, such as how many accounts were compromised and who (if anyone) will cover their losses, are unknown. As a result, some receive occasional terse email updates from IRA Financial, while others are forced to call every day.
What is clear is that last Tuesday, around 5 p.m. ET, an account labelled “Benjamin Choe” began withdrawing bitcoin, ether, and US dollars from user accounts. One user claimed that despite multiple account security layers, such as two-factor authentication, he lost 13 ETH, 1 BTC, and thousands of dollars in a matter of minutes.
Gemini says it was not hacked, but IRA Financial Trust has acknowledged an incident and is investigating it. However, Gemini Head of Communications Carolyn Vadino told Decrypt: “Gemini’s systems have not been hacked or compromised in any way. We are aware that IRA Financial experienced a security incident last week and have offered assistance to IRA Financial in their investigation. While IRA Financial’s accounts are serviced on the Gemini platform, Gemini does not manage the security of IRA Financial’s systems.”
Gemini’s emails to customers paint a slightly more precise picture of what happened. The email stated, “Although our investigation remains ongoing, the facts discovered to date indicate that transfer requests were made by utilizing properly authenticated accounts controlled by IRA Financial Group, which were used to execute asset transfers to another account. At the time, these requests complied with IRA’s approval processes and appeared to Gemini to be legitimate, authorized transactions. To date, our investigation has found no indication of any unauthorized access to your account resulting from any security failure or breach of Gemini systems.”
Gemini’s email places the entire blame on IRA Financial. According to Gemini, it would also absolve it of any responsibility to cover the loss with its insurance policy. Gemini advised the customer to inquire about IRA Financial’s insurance policy. By chance, IRA Financial’s Bergman went in deep on the issue of crypto IRA insurance just last month. “Are crypto IRAs insured?” he asked viewers on January 28. “We’re insured,” Bergman said, referring to cash deposits covered by the Federal Deposit Insurance Corporation (FDIC). He later implied that Gemini was responsible for covering the crypto deposits themselves.
In the video’s comments section, IRA Financial’s YouTube account took a stricter stance by saying, “Technically, only cash is only FDIC insured at a bank. Gemini is not a bank, so FDIC insurance technically does not protect the cash. However, the cash will likely not sit for long in your Gemini account, as you will be buying cryptos. Gemini is regulated and insured against theft, so your cryptos are protected.”
