This past week, co-defendants in a class action related to the theft of cryptocurrency engaged in their own lawsuit over alleged security failures.  IRA Financial Trust, a retirement account provider offering crypto-assets, sued class action co-defendant Gemini Trust Company, LLC, a crypto-asset exchange owned by the Winklevoss twins, following a breach of IRA customer accounts.  IRA claims that Gemini failed to secure a “master key” to IRA’s accounts, and that hackers were able to exploit this alleged security flaw to steal tens of millions of dollars of cryptocurrency.  This lawsuit demonstrates the growing trend of cryptocurrency thefts resulting from cyber breaches, and ensuing litigation activity.

IRA Financial Trust v. Gemini Trust Company, LLC, 1:22-cv-04672 (S.D.N.Y. June 6, 2022), stems from an alleged cyber incident in February 2022.  IRA provides self-directed retirement accounts, and in 2019 began allowing its customers to include crypto assets in such accounts.  To supply these services, IRA employed Gemini’s crypto exchange service to manage the trading and custody of its customers’ crypto assets.  Following a response by SWAT officers to IRA’s offices in Sioux Falls, South Dakota in response to a purported kidnapping, IRA claims that it discovered cryptocurrency was being transferred within the Gemini program from other IRA customer accounts into one single account, and that roughly $37 million of bitcoin and Ether assets were subsequently transferred out of that account by the hackers.  IRA alleges that this hack resulted from insufficient protection of a “master key” to IRA’s accounts, and avers in its fraud claim that Gemini made misleading statements about their commitment to cybersecurity that induced IRA to select Gemini as a partner.

IRA and Gemini are co-defendants in a class action lawsuit filed in the Northern District of California in March of this year by a plaintiff purporting to represent customers who claim to have lost the cryptocurrency held in their retirement accounts as a result of this alleged breach.  Griffin v. Gemini Trust Co., LLC and IRA Financial Trust Co., 3:22-cv-01747 (N.D.C.A. March 18, 2022).  In that action, Gemini responded with a motion to compel arbitration. While litigation related to cybersecurity incidents, including class actions, have become increasingly common, the rise in the number and sophistication of cyber theft from businesses associated with the trading and holding of crypto assets is likely to result in increasing litigation activity in this space.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Sam Greeley Sam Greeley

Samuel Greeley is an associate in the firm’s Washington, DC office representing clients in government investigations and complex civil litigation.

Photo of Ashley Simonsen Ashley Simonsen

Ashley Simonsen is a litigator whose practice focuses on defending complex class actions in state and federal courts across the country, with substantive experience in the three hotbeds of class action litigation: New York, San Francisco, and Los Angeles.

Ashley represents clients in…

Ashley Simonsen is a litigator whose practice focuses on defending complex class actions in state and federal courts across the country, with substantive experience in the three hotbeds of class action litigation: New York, San Francisco, and Los Angeles.

Ashley represents clients in the technology, consumer brands, financial services, and sports industries through all stages of litigation, including trial, with a strong track record of success on early dispositive motions. Her practice encompasses advertising, antitrust, product defect, and consumer protection matters. Ashley regularly advises companies on arbitration clauses in consumer agreements and related issues, including mass arbitration risks and issues arising under McGill v. Citibank, N.A. And she is one of the nation’s leading experts on “true lender” issues and the related “valid when made” doctrine.

Photo of Micaela McMurrough Micaela McMurrough

Micaela McMurrough has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other complex commercial litigation matters, and serves as co-chair of Covington’s global and multi-disciplinary Internet of Things (IoT) group. She also represents and advises domestic and international…

Micaela McMurrough has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other complex commercial litigation matters, and serves as co-chair of Covington’s global and multi-disciplinary Internet of Things (IoT) group. She also represents and advises domestic and international clients on cybersecurity and data privacy issues, including cybersecurity investigations and cyber incident response. Micaela has advised clients on data breaches and other network intrusions, conducted cybersecurity investigations, and advised clients regarding evolving cybersecurity regulations and cybersecurity norms in the context of international law.

In 2016, Micaela was selected as one of thirteen Madison Policy Forum Military-Business Cybersecurity Fellows. She regularly engages with government, military, and business leaders in the cybersecurity industry in an effort to develop national strategies for complex cyber issues and policy challenges. Micaela previously served as a United States Presidential Leadership Scholar, principally responsible for launching a program to familiarize federal judges with various aspects of the U.S. national security structure and national intelligence community.

Prior to her legal career, Micaela served in the Military Intelligence Branch of the United States Army. She served as Intelligence Officer of a 1,200-member maneuver unit conducting combat operations in Afghanistan and was awarded the Bronze Star.