Stoltmann Law Offices is a Chicago-based securities, investment fraud, and class action law firm offering representing to defrauded investors and victims of fraud nationwide on a contingency fee basis. We have been closely monitoring allegations that IRA Financial Trust account owners had over $36 million in crypto-currency stolen from their IRAs through a hack of their system on or around February 8, 2022. IRA Financial partners with Gemini Trust Co. to offer the opportunity for its self-directed retirement account clients to invest in cryptocurrency. IRA Financial represents on its website that “Our Trust company’s focus on compliance and security is based on three principles: State regulated, Industry-leading technology, and FDIC protection of cash up to $250,000 through Capital One.” The company goes on the admit that it “must meet the capitalization, compliance, anti-money laundering, consumer protection, and cybersecurity requirements set forth by the South Dakota Division of Banking, and protect the interests of our customers first and foremost.” In specifically representing their stringent “Infrastructure Security”, IRA Financial Trust represents that:
- We leverage the content-security policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers.
- We partner with enterprise vendors to mitigate distributed denial-of-service (DDoS) attacks.
- Internal-only sections of our website have separate access controls and are not exposed to the public Internet.
IRA Financial also explains additional “Internal Controls” it allegedly has in place to protect customer assets, such as including multiple signatures to move funds, storing data on cloud-based servers, requiring verbal authorization, ongoing criminal and credit checks on employees and that their offices “do not store or contain anything of value, including any crypto private keys.”
Unfortunately, given that IRA Financial allowed $21 million of Bitcoin and $15 million in Ethereum to be stolen from its customers, they clearly were not implementing all of the necessary protections that it touted publicly to customers. Some customers have reported that cash was also stolen from their accounts through this hack. According to Chainalysis Inc., which analyzed the hack, the cryptocurrency was stolen using Tornado, which is cryptocurrency mixing or tumbler service. The role of mixing services is to increase anonymity of cryptocurrency transactions, which are otherwise visible through a register of transactions. Cryptocurrency owners can transfer their money to a mixing service to then essentially mix their transaction with other crypto transactions to increase anonymity. The legality of mixing services is debated, and some exchanges ban them.
Customers reported that their account activity reflects their cryptocurrency was transferred to a Roth IRA in the name of “Benjamin Choe”. From the “Choe” account, the funds were then sent to services that are often utilized to launder cryptocurrency. Representatives for both IRA Financial and Gemini have made vague statements that they had proper security measures in place, and that they are currently investigating the hack. Neither company has provided any details regarding repaying clients the $36 million in cryptocurrency stolen from them.
IRA Financial knowingly and willingly partnered with Gemini and opened its customers up to the risks that are knowingly present in the cryptocurrency industry. Wide-spread hacking and fraud issues in trading crypto have been common knowledge for years, putting IRA Financial Trust on notice of the risks of facilitating cryptocurrency investments. The primary responsibility of IRA custodians, like IRA Financial Trust, is to protect the retirement assets of its customers. By failing to have the proper protections in place, and failing to implement those procedures to protect the retirement nests eggs of its customers, IRA Financial has breached the single most important duty that it owed its customers.
Stoltmann Law Offices is currently investigating IRA Financial Trust’s breaches of duty in connection with this massive and potentially devastating hack of retirement accounts. If you are one of the victims of IRA Financial’s hack and had your money or cryptocurrency stolen, contact our office immediately for a free evaluation. We work on a contingency fee basis, so we don’t get paid until you do.