As a long-term crypto investor with a deep understanding of the industry and its risks, I can’t help but feel dismayed and concerned by the series of events surrounding Gemini, a well-known cryptocurrency exchange. The settlement between Gemini and IRA Financial Trust over stolen funds from senior citizens’ accounts in 2022 left a sour taste in my mouth.


In early 2022, there was a legal dispute between Gemini and IRA Financial Trust. IRA Trust filed a lawsuit against Gemini due to concerns about the exchange’s security measures. The issue at hand was that an unauthorized individual managed to obtain IRA’s master key on Gemini, resulting in the theft of funds from multiple accounts overseen by IRA. These accounts contained life savings for senior citizens. Eventually, the two parties reached a settlement.

In its 2022 filing, IRA expressed confidence in choosing Gemini for securing cryptocurrency assets due to the exchange’s strong emphasis on security. However, it later became clear that Gemini had a vulnerability – a single point of failure – which remained hidden and allowed a hacker to perpetrate the crime. Unfortunately, Gemini’s security measures were not entirely transparent, preventing IRA from fully understanding this weakness.

“Gemini urged IRA (Irish Retirement Association) to shift from their current web-platform provided by Gemini, to instead use Gemini’s API (Application Programming Interface), asserting that this change would simplify the customer onboarding process.”

Based on my extensive experience in the cryptocurrency industry and having worked with various exchanges and trading platforms, I strongly believe that Gemini, despite its numerous claims about security, made a grave oversight in designing its API with a single point of failure. This design flaw puts all crypto assets held by their institutional customers at significant risk. Imagine being an institutional investor, like IRA, trusting an exchange to safeguard millions of dollars’ worth of digital assets. If this single point of failure is breached by a malicious actor, they could potentially steal all the cryptocurrencies belonging to that institution’s clients. Such a situation is unacceptable and goes against the very essence of trust and security in the crypto world. I believe it’s crucial for exchanges like Gemini to prioritize multi-factor security measures to protect their users and investors from potential theft or loss.

The Southern District of New York’s United States District Court dismissed the two-year-old lawsuit between the parties. Yet, they have kept the financial aspects of their settlement confidential.

Recently, Gemini reached a settlement with both the New York Department of Financial Services (NYDFS) and the New York Attorney General’s Office over allegations that they illegally sold securities to New York residents through their ‘Earn’ program. As a result, Attorney General Letitia James was able to secure $50 million for distribution among affected users. In addition, NYDFS mandated Gemini to pay an extra $1.1 billion in compensation to these same users.

 

Read More

2024-07-20 21:28