IRA Financial, which has offered clients exposure to crypto via integration with Gemini, said that the New York-based Gemini's systems were responsible for the February attack, which resulted in the theft of $36 million from those retirement accounts.
The firm said that Gemini's platform didn't "have the proper safeguards in place to protect customer crypto assets." Specifically, IRA Financial says that Gemini relied on a "faulty" API, which "included a single point of failure."
From the suit:
"[N]ot only did Gemini's system harbor a single-point-of-failure, but it also contained a sweeping vulnerability that allowed for a breach of a single customer account to metastasize across all accounts.
IRA Financial added that Gemini "failed to freeze accounts within a sufficient timeframe immediately following the incident, allowing the criminals to continue moving funds out of customers' accounts on the Gemini exchange after IRA notified Gemini."
It was not immediately clear at press time where IRA Financial's lawsuit was filed.
Both Gemini and IRA Financial also face a proposed class-action lawsuit from customers impacted by the breach.
IRA Financial's suit against Gemini is the latest in a string of tough headlines for the firm, which was founded by Cameron and Tyler Winklevoss.
Last week, the Commodities Futures Trading Commission filed a lawsuit against Gemini in which the agency claimed that the firm misled or withheld information pertaining to its role in the launch of bitcoin futures on Cboe. Gemini provided Cboe with pricing data for the derivatives product, which was discontinued in 2019.
The firm, which raised funds last year at a $7 billion valuation, laid off 10% of its staff this month.