Gemini is staring at a grueling court case after a leading pensioners’ fintech startup, IRA Financial Trust filed a lawsuit against the crypto exchange seeking compensation over the loss of $36 million in crypto assets earlier this year.
The suit which was brought against “Gemini Trust Company” claimed that the said assets belonged to customers’ retirement accounts and were lost as a result of Gemini’s negligence. The pensioners’ accounts were impacted following an exploit on February 8, 2022, against Gemini which resulted in the loss of $21 million in Bitcoin and $15 million in Ethereum.
At the time, Gemini had denied the allegations of a hack with the exchange’s head of communications referring to the IRA case as a “security incident” based on a report by Decrypt. More than three months down the line, Gemini is yet to refund victims of the exploit, leading up to the lawsuit at hand.
“IRA Financial filed this lawsuit because, contrary to Gemini’s many public statements about how it prioritizes security, Gemini’s platform inexplicably had a single point of failure that allowed criminals to steal tens of millions of dollars of crypto assets from customer retirement accounts,” said Eric Ostroff who is representing IRA Financial Trust. “This lawsuit seeks to remedy the massive damage that IRA suffered. IRA looks forward to proving its claims in court.”
According to court documents, IRA Financial Trust alleges that Gemini is to blame for the loss for overlooking and not being transparent about its platform’s security features despite there being some glaring technical weaknesses. “Contrary to Gemini’s many representations about security, Gemini designed its API with a single point of failure.” Said IRA, citing court documents. “If breached, this single point of failure allowed a bad actor to steal all crypto assets held by the customers of an institutional customer, like IRA.”
The pensioner’s startup also blamed the crypto exchange for poor coordination during the incident. Despite being notified of “suspicious activity”, Gemini allegedly failed to freeze accounts within sufficient time giving the criminals enough time to continue draining clients’ funds. “Once IRA discovered the hack, it was left to frantically email Gemini—again and again—to get all accounts frozen,” IRA added. “Remarkably, it took six emails from IRA and nearly two hours for Gemini to freeze all customer accounts.”
Gemini did not immediately respond to ZyCrypto for a comment.