A hack at IRA Financial Trust, which offers self-directed retirement accounts, resulted in the theft of $36 million in cryptocurrency, according to a person familiar with the investigation.
In a statement, IRA Financial Trust said on Feb. 8 it discovered “suspicious activity that has affected a limited subset of our customers with accounts on the Gemini cryptocurrency exchange. Upon discovery, we immediately launched an investigation and contacted state and federal law enforcement.”
That same day, unidentified hackers drained $21 million in Bitcoin and $15 million in Ethereum from the accounts of IRA Financial Trust customers, the person said. IRA allows its customers to purchase cryptocurrency through a partnership with the cryptocurrency exchange Gemini Trust Co.
Blockchain analysis firm Chainalysis Inc. said it was tracking the $36 million in cryptocurrency stolen from IRA customers, and said that it is being laundered through a “mixer” service known as Tornado. A representative for Tornado didn’t immediately respond to a request for comment.
It’s not clear who may end up being responsible for the lost funds. IRA Financial spokesperson Maria Stagliano said the company’s investigation is primarily focused on security controls that IRA Financial claims weren’t offered or available from Gemini. She declined to say which controls IRA Financial had in place.
Stagliano also declined to answer questions about who may be behind the hack and hasn’t provided details on any plan to repay users whose cryptocurrency was stolen.
In a statement, Gemini pushed back, saying that it offers a number of security controls for institutional clients such as IRA Financial, including two-factor authentication which is mandatory on all accounts and approved addresses, a Gemini spokesperson said.
Gemini said it wasn’t breached, and that it was offering to assist IRA Financial Trust in its investigation.
“We are aware that IRA Financial experienced a security incident last week,” the company said, in a statement. “While IRA Financial’s accounts are serviced on the Gemini platform, Gemini does not manage the security of IRA Financial’s systems.”
Apparent IRA Financial users posting in forums on Reddit Inc. said they experienced their crypto accounts being emptied, with thieves directing stolen funds to a Roth IRA account with the name “Benjamin Choe.” The funds from the Choe account were subsequently sent to services that are often used to launder cryptocurrency. Some users said that cash stored in their accounts was also taken.
“I only had cash in my Gemini account, no coin, and it was all taken in multiple transfers to Choe at $10k per transfer,” one Reddit user wrote. “So, in only 15 seconds they moved all my cash.”
Another user wrote, “All of my BTC and Ether have also been transferred out. I can confirm that they only transferred out whole units and left a small fraction of BTC and my cash.” The user added, “Transfers were made out to the Choe Roth in multiple 1 whole unit coin transactions.”
The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.
Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.
CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.
The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.
Employee accounts, crypto trials and job cuts frame a pivotal year for the Swiss lender.
Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income
Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.