Gemini (via IRA Financial Trust)

On February 8, 2022, IRA Financial Trust, a crypto retirement account provider using Gemini’s custody services, was hit by a brazen hack, losing $37 million in Bitcoin, Ethereum, and USD from client accounts, as reported by CoinDesk. Detected at 17:00 ET, the attacker, using an account labeled “Benjamin Choe,” exploited IRA Financial’s master key to bypass security measures like 2FA, draining accounts over two hours, per Etherscan (0x8b7b…).

A SWAT team, likely a diversion, descended on IRA Financial’s headquarters, per the lawsuit filed against Gemini. Gemini, with $7 billion daily trading volume per CoinMarketCap, denied a breach, claiming IRA Financial’s authenticated requests appeared legitimate, per Twitter (@Gemini).

IRA Financial paused account access, notified law enforcement, and hired forensic specialists, but offered sparse updates, leaving dozens of victims, who lost up to $2 million collectively, frustrated, per Reddit (r/CryptoCurrency).

No funds were recovered, and IRA Financial sued Gemini, alleging inadequate master key security, per the article. One of 305 hacks in 2022, costing $3.7 billion, per Chainalysis, this incident, alongside Bitbns’ $7.5 million loss, exposed custodial vulnerabilities. In the crypto jungle, where master keys can unlock fortunes, this heist, complete with a SWAT team ruse, reads like a Hollywood thriller, urging exchanges to lock down keys, bolster real-time defenses, and keep clients in the loop to avoid becoming the next plot twist.