Media: Unknown actor withdrew $36 million from IRA Financial Trust’s pension crypto accounts

The attacker moved assets from the managed IRA Financial Trust pension accounts to the Gemini Bitcoin exchange. According to Bloomberg, the loss totaled $36 million in Bitcoin and Ethereum.

On Reddit forums, affected clients reported transfers of their assets to accounts controlled by an individual using the alias Benjamin Choe. Others, in interviews with CoinDesk, reported funds being blocked without explanation and difficulties obtaining information from IRA Financial Trust representatives.

On the day of the breach, February 8, the firm urged customers to beware of phishing, and after the incident said that it had become a target of hackers. As a precaution, access to client accounts at IRA Financial Trust was suspended.

Five days later, the firm said that “all funds are safe”. According to the statement, “the suspicious activity affected a limited number of clients”. Staff began an investigation and contacted law enforcement.

pic.twitter.com/QWn1KTS6ph

— IRA Financial (@TheIRAFinancial) February 13, 2022

Chainalysis specialists noted the attacker’s use of the Tornado Cash mixer.

Representatives of IRA Financial Trust said they were examining controls for vulnerabilities and did not provide details of a plan to return funds to affected users.

Gemini stressed that the security measures offered for institutional clients like IRA Financial Trust are mandatory for all accounts and approved addresses. The Bitcoin exchange said there was no compromise of its systems and expressed readiness to assist IRA Financial Trust in investigating the incident.

“While IRA Financial accounts are serviced by Gemini, the platform does not manage the security of the pension program provider. … To date, we have found no signs of unauthorized access to the IRA Financial account as a result of any security-system failure or breach of Gemini’s systems”, the company explained.

IRA Financial did not respond to CoinDesk’s request about whether the company holds an insurance policy covering theft of funds.

Earlier, a white-hat hacker discovered a vulnerability in Coinbase’s retail trading platform.

Subscribe to ForkLog News on Telegram: ForkLog Feed — all the news feed, ForkLog — the most important news, infographics and opinions