[BreachExchange] Hackers snagged $36 million in cryptocurrency in breach of IRA Financial

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Feb 15 14:55:38 EST 2022


https://www.investmentnews.com/hackers-snagged-36-million-in-cryptocurrency-in-breach-of-ira-financial-217308

In a statement, IRA Financial Trust said on Feb. 8 it discovered
“suspicious activity that has affected a limited subset of our customers
with accounts on the Gemini cryptocurrency exchange. Upon discovery, we
immediately launched an investigation and contacted state and federal law
enforcement.”

That same day, unidentified hackers drained $21 million in Bitcoin and $15
million in Ethereum from the accounts of IRA Financial Trust customers, the
person said. IRA allows its customers to purchase cryptocurrency through a
partnership with the cryptocurrency exchange Gemini Trust Co.

Blockchain analysis firm Chainalysis Inc. said it was tracking the $36
million in cryptocurrency stolen from IRA customers, and said that it is
being laundered through a “mixer” service known as Tornado. A
representative for Tornado didn’t immediately respond to a request for
comment.

It’s not clear who may end up being responsible for the lost funds. IRA
Financial spokesperson Maria Stagliano said the company’s investigation is
primarily focused on security controls that IRA Financial claims weren’t
offered or available from Gemini. She declined to say which controls IRA
Financial had in place.

Stagliano also declined to answer questions about who may be behind the
hack and hasn’t provided details on any plan to repay users whose
cryptocurrency was stolen.


In a statement, Gemini pushed back, saying that it offers a number of
security controls for institutional clients such as IRA Financial,
including two-factor authentication which is mandatory on all accounts and
approved addresses, a Gemini spokesperson said.

Gemini said it wasn’t breached, and that it was offering to assist IRA
Financial Trust in its investigation.

“We are aware that IRA Financial experienced a security incident last
week,” the company said in a statement. “While IRA Financial’s accounts
are serviced on the Gemini platform, Gemini does not manage the security of
IRA Financial’s systems.”

Apparent IRA Financial users posting in forums on Reddit Inc. said their
crypto accounts had been emptied, with thieves directing
stolen funds to a Roth IRA account with the name “Benjamin Choe.” The funds
from the Choe account were subsequently sent to services that are often
used to launder cryptocurrency. Some users said that cash stored in their
accounts was also taken.

“I only had cash in my Gemini account, no coin, and it was all taken in
multiple transfers to Choe at $10k per transfer,” one Reddit user wrote.
“So, in only 15 seconds they moved all my cash.”

Another user wrote, “All of my BTC and Ether have also been transferred
out. I can confirm that they only transferred out whole units and left a
small fraction of BTC and my cash.” The user added, “Transfers were made
out to the Choe Roth in multiple 1 whole unit coin transactions.”