The Winklevoss twins might soon head to court. The Vergenotes retirement savings firm IRA Financial Trust has sued the twins' crypto exchange Gemini over allegations the business didn't adequately protect customers against a February 8th breach where intruders stole $36 million in Bitcoin and Ethereum assets. The company didn't have "proper safeguards" to prevent the theft, according to IRA, and didn't freeze accounts quickly enough to block the thieves from transferring money.
The trust firm specifically rejected claims that Gemini's protections prevented a "single point of failure." Gemini made IRA the parent account for its customers (who use sub-accounts), and gave it a "master key" that was reportedly exchanged in numerous insecure emails. Combine that with security flaws in Gemini's system and you probably know what happened next — hackers got control of IRA's key, moved the crypto into a single user's retirement account, and withdrew the digital cash. The perpetrators also appear to have swatted Gemini during the February incident, making a fake kidnapping call to police.
Gemini's other security measures didn't hold up, the IRA added. It supposedly shouldn't have been possible to transfer money between accounts if the exchange had either properly implemented two-factor authentication or prohibited transfers between retirement funds. The trust noted that it didn't have the power to freeze accounts itself, and that it took six emails to lock down all affected users. We've asked Gemini for comment.
This adds to mounting problems for the Winkelvoss' outfit. It recently laid off 10 percent of staff to deal with a plunge in the cryptocurrency market, and the Commodity Futures Trading Commission sued Gemini for purportedly misleading customers in parts of its exchange and futures contract. While none of these problems may necessarily be fatal, they suggest the Winklevii could face financial trouble for a while to come.
Update 6/8 9:08AM ET: Gemini told Engadget in a statement that it "reject[s]" the allegations, and that the attackers targeted IRA rather than the exchange. It claimed that no Gemini systems were compromised, and that it "acted quickly" to help IRA following the breach.