Danny Nelson
Danny is CoinDesk's deputy business editor. He owns BTC, ETH and SOL.
IRA Financial Trust was being “swatted” at the time the retirement investment company was hacked for $36 million worth of cryptocurrency, according to a local police account obtained by CoinDesk.
A detective at the Sioux Falls police department recounted the chain of events to a victim of the hack in a Feb. 15 voicemail reviewed by CoinDesk. Officers responded to reports of an alleged “robbery” in progress at IRA Financial Trust’s offices in the South Dakota city on the afternoon of Feb. 8, the detective said.
Police officers quickly determined the robbery call was bogus, the detective said. He described the incident as “swatting”: the practice of tricking police into responding to a nonexistent crisis.
There was a robbery, however – but it was happening in cyberspace, not the Midwest.
“What we were then informed of was that once the employees returned to their desks, after, like, while this ‘robbery’ was taking place or whatever, once they got back to their desks, they all found that customers’ accounts had been hacked into and that money was actively being taken at that time,” the officer said in the voicemail. He did not immediately respond to a request for comment from CoinDesk.
He said in the voicemail that IRA Financial soon managed to stop the money drain. “But by that point roughly a number of minutes had passed and a lot of damage had been done. They reported hundreds of victims as a result of this.”
The officer said he was sharing this information with the victim because "it doesn’t appear that [IRA Financial is] telling their customers very much."
In a statement, IRA Financial Trust said it was “aware” of the law enforcement’s recounting of events.
“Coordinated efforts like these emphasize the growing sophistication of cybercrime that make cyber threats both difficult to prevent and challenging to recover from,” the company said. “We are currently dedicating our attention and efforts to our active investigation and the potential recovery of funds through civil and law enforcement resources. To preserve the integrity of our investigation, we cannot provide further comment or details at this time.”
A baffling break-in
The detail adds another layer of intrigue to the seemingly inexplicable hack of IRA Financial Trust, an institutional partner of the Gemini exchange servicing retirement-minded crypto investors. Gemini, a $7 billion company that touts its security chops, has denied responsibility, instead blaming IRA Financial for the loss of millions of dollars in crypto.
Victims who spoke with CoinDesk said the hack should have been impossible. They described imposing strict controls on their Gemini accounts, including withdrawal address whitelisting, two-factor authentication, email notifications and other steps that they thought would stymie hackers.
A source close to Gemini previously said the company makes those safeguards available to institutional customers in order to prevent such incidents. It is unclear how those protocols were compromised on Feb. 8.
“From the end user perspective it's like, ‘Hey Gemini, if you're going to show us that we have whitelisted withdrawals and that’s not true, you are misleading us,’” said one victim who asked not to be named.
Gemini declined to comment.
The Sioux Falls detective said in the voicemail that the case was being handled by the FBI cybercrimes division. The FBI did not immediately respond to a request for comment.
