Hackers snagged $36 million in cryptocurrency in breach of IRA Financial

Hackers snagged $36 million in cryptocurrency in breach of IRA Financial
Company has launched investigation and contacted law enforcement because Bitcoin and Ethereum were snatched from IRA users on Feb. 8.
FEB 15, 2022

A hack at IRA Financial Trust, which offers self-directed retirement accounts, resulted in the theft of $36 million in cryptocurrency, according to a person familiar with the investigation.

In a statement, IRA Financial Trust said on Feb. 8 it discovered “suspicious activity that has affected a limited subset of our customers with accounts on the Gemini cryptocurrency exchange. Upon discovery, we immediately launched an investigation and contacted state and federal law enforcement.”

That same day, unidentified hackers drained $21 million in Bitcoin and $15 million in Ethereum from the accounts of IRA Financial Trust customers, the person said. IRA allows its customers to purchase cryptocurrency through a partnership with the cryptocurrency exchange Gemini Trust Co.

Blockchain analysis firm Chainalysis Inc. said it was tracking the $36 million in cryptocurrency stolen from IRA customers, and said that it is being laundered through a “mixer” service known as Tornado. A representative for Tornado didn’t immediately respond to a request for comment.

It’s not clear who may end up being responsible for the lost funds. IRA Financial spokesperson Maria Stagliano said the company’s investigation is primarily focused on security controls that IRA Financial claims weren’t offered or available from Gemini. She declined to say which controls IRA Financial had in place.

Stagliano also declined to answer questions about who may be behind the hack and hasn’t provided details on any plan to repay users whose cryptocurrency was stolen.

In a statement, Gemini pushed back, saying that it offers a number of security controls for institutional clients such as IRA Financial, including two-factor authentication which is mandatory on all accounts and approved addresses, a Gemini spokesperson said.

Gemini said it wasn’t breached, and that it was offering to assist IRA Financial Trust in its investigation.

“We are aware that IRA Financial experienced a security incident last week,” the company said, in a statement. “While IRA Financial’s accounts are serviced on the Gemini platform, Gemini does not manage the security of IRA Financial’s systems.”

Apparent IRA Financial users posting in forums on Reddit Inc. said they experienced their crypto accounts being emptied, with thieves directing stolen funds to a Roth IRA account with the name “Benjamin Choe.” The funds from the Choe account were subsequently sent to services that are often used to launder cryptocurrency. Some users said that cash stored in their accounts was also taken.

“I only had cash in my Gemini account, no coin, and it was all taken in multiple transfers to Choe at $10k per transfer,” one Reddit user wrote. “So, in only 15 seconds they moved all my cash.”

Another user wrote, “All of my BTC and Ether have also been transferred out. I can confirm that they only transferred out whole units and left a small fraction of BTC and my cash.” The user added, “Transfers were made out to the Choe Roth in multiple 1 whole unit coin transactions.”

Latest News

Osaic executives Kristy Britt and Greg Cornick to leave
Osaic executives Kristy Britt and Greg Cornick to leave

The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.

Estate planning becomes a client retention issue for financial advisors, survey finds
Estate planning becomes a client retention issue for financial advisors, survey finds

Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.

Candidly adds AI agents for Trump Accounts, workplace benefits
Candidly adds AI agents for Trump Accounts, workplace benefits

CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.

BMO adds three advisors in Dallas amid Y'all Street wealth boom
BMO adds three advisors in Dallas amid Y'all Street wealth boom

The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.

UBS moves toward full-service US bank as plans to extend wealth business
UBS moves toward full-service US bank as plans to extend wealth business

Employee accounts, crypto trials and job cuts frame a pivotal year for the Swiss lender.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.