• The lawsuit follows the $36 million theft of IRA customers' funds from Gemini
  • IRA alleges that Gemini had weak security which led to the theft
  • Gemini facing a separate lawsuit over a Bitcoin project from U.S. regulators

IRA Financial Trust (IRA), a platform for self-directed retirement and pension accounts, has filed a lawsuit against Gemini cryptocurrency exchange and custodian over the theft of $36 million worth of crypto assets that belonged to its customers' retirement accounts that were stored in the exchange's custody.

IRA said it is working on a solution for the affected customers and plans to pledge the proceeds from the lawsuit to reimburse its customers who lost their funds as a result of the theft which occurred on Feb. 8.

According to the investigation conducted by CoinDesk and statements taken from the victims of the theft, the victims put strict restrictions on their accounts including withdrawal address whitelisting, two-factor authentication, email notifications and other steps. Gemini had allegedly refused to take responsibility for the same and blamed the IRA Financial Trust for the theft.

The FBI is currently investigating the case, an officer told CoinDesk.

Interestingly, officers responded to reports of an alleged "robbery" at IRA's office in Sioux Falls, South Dakota, on the day the cyber theft took place, Coindesk cited a victim as being told by a detective on Feb. 15. They found no robbery, and considered it a "swatting" incident. But when IRA employees returned to the desk, they found customers' accounts hacked and money being actively taken out, the report said.

IRA alleged in a statement that the exchange did not have proper security features in place to protect customer crypto assets, which resulted in the theft. Gemini Trust Company was founded by the Winklevoss twins. The exchange is facing a separate lawsuit filed by the Commodity Futures Trading Commission for allegedly giving misleading answers in 2017 about a Bitcoin project.

"The lawsuit also claims that Gemini failed to freeze accounts within a sufficient timeframe immediately following the incident, allowing the criminals to continue moving funds out of customers' accounts on the Gemini exchange after IRA notified Gemini," IRA said.

IRA Financial Trust also claimed that "Gemini strongly pressured IRA to switch from using Gemini's web-based platform to the Gemini API—Application Programming Interface—which Gemini said would streamline the process of onboarding customers." It said the API was allegedly "designed with only a single point of failure."

IRA Financial Trust claims in the lawsuit that Gemini permitted the theft to occur and, "contrary to its representations, did not detect them with anti-fraud systems. Amazingly, it was IRA that had to alert Gemini—the so-called leader in safeguarding crypto-assets—of the obvious fraud occurring on Gemini's platform."