Winkelvoss twins' crypto exchange faces lawsuit over $36 million theft (updated)

An investment firm says Gemini didn't have enough security in place.

Sponsored Links

MIAMI, FLORIDA - JUNE 04:  Tyler Winklevoss and Cameron Winklevoss (L-R), creators of crypto exchange Gemini Trust Co. on stage at the Bitcoin 2021 Convention, a crypto-currency conference held at the Mana Convention Center in Wynwood on June 04, 2021 in Miami, Florida. The crypto conference is expected to draw 50,000 people and runs from Friday, June 4 through June 6th.
Joe Raedle/Getty Images

The Winklevoss twins might soon head to court. The Verge notes retirement savings firm IRA Financial Trust has sued the twins' crypto exchange Gemini over allegations the business didn't adequately protect customers against a February 8th breach where intruders stole $36 million in Bitcoin and Ethereum assets. The company didn't have "proper safeguards" to prevent the theft, according to IRA, and didn't freeze accounts quickly enough to block the thieves from transferring money.

The trust firm specifically rejected claims that Gemini's protections prevented a "single point of failure." Gemini made IRA the parent account for its customers (who use sub-accounts), and gave it a "master key" that was reportedly exchanged in numerous insecure emails. Combine that with security flaws in Gemini's system and you probably know what happened next — hackers got control of IRA's key, moved the crypto into a single user's retirement account, and withdrew the digital cash. The perpetrators also appear to have swatted Gemini during the February incident, making a fake kidnapping call to police. 

Gemini's other security measures didn't hold up, the IRA added. It supposedly shouldn't have been possible to transfer money between accounts if the exchange had either properly implemented two-factor authentication or prohibited transfers between retirement funds. The trust noted that it didn't have the power to freeze accounts itself, and that it took six emails to lock down all affected users. We've asked Gemini for comment.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

This adds to mounting problems for the Winkelvoss' outfit. It recently laid off 10 percent of staff to deal with a plunge in the cryptocurrency market, and the Commodity Futures Trading Commission sued Gemini for purportedly misleading customers in parts of its exchange and futures contract. While none of these problems may necessarily be fatal, they suggest the Winklevii could face financial trouble for a while to come.

Update 6/8 9:08AM ET: Gemini told Engadget in a statement that it "reject[s]" the allegations, and that the attackers targeted IRA rather than the exchange. It claimed that no Gemini systems were compromised, and that it "acted quickly" to help IRA following the breach.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
Winkelvoss twins' crypto exchange faces lawsuit over $36 million theft (updated)