The attacker withdrew assets from retirement savings accounts managed by IRA Financial Trust on the Gemini bitcoin exchange. According to a Bloomberg source, the damage amounted to $36 million in bitcoin and Ethereum.
On the forums on Reddit, the affected customers reported the transfer of their assets to the accounts of an unknown person under the pseudonym Benjamin Choe. Others in an interview with CoinDesk reported the blocking of funds without any explanation and difficulties in obtaining information from representatives of the IRA Financial Trust.
On the day of the hack on February 8, the firm urged to beware of phishing, and after the incident briefly reported that it had become a target of hackers. As a precautionary measure, IRA Financial Trust suspended access to customer accounts.
Five days later, the firm announced that “all funds are safe.” According to the statement, “suspicious activity affected a limited number of customers.” The employees started an investigation and contacted law enforcement agencies.
Chainalysis specialists have recorded the use of a Tornado Cash mixer by an attacker.
Representatives of the IRA Financial Trust said they were studying controls for vulnerabilities and did not provide details of a refund plan for affected users.
Gemini stressed that the security measures offered for institutional clients like IRA Financial are mandatory for all accounts and approved addresses. The bitcoin exchange ruled out compromising the system and announced its readiness to assist IRA Financial Trust in investigating the incident.
“While IRA Financial accounts are maintained by Gemini, the platform does not manage the security of the pension provider. […] To date, we have not identified any signs of unauthorized access to the IRA Financial account as a result of any security failure or violation of Gemini systems,” the company explained.
IRA Financial did not respond to CoinDesk’s request about the company’s insurance policy against embezzlement.
Recall that a white hacker discovered a vulnerability in the Coinbase retail trading platform.