Gregg Bennett, known for his continuous contributions to startups as an angel investor, issuing the Washington-based crypto exchange Bittrex for presumably playing a role in a million-dollar hacking attack in which he lost valuable assets in the form of Bitcoin (BTC.)
Bennett is currently involved with over 30 new projects. In recent days, he decided to file a lawsuit against Bittrex, in which he claims that the platform incurred in a violation when it ignored its own security standards and practices that have become “standard” in the field. Those events, according to the investor, led to cybercriminals being able to take roughly $1 million dollars worth of BTC from his account back in April.
Bennett claims that he wants his money back. “I am asking for Bittrex to do the right thing by plugging what I see as gaping holes in their approach to security, and to return my coin to me,” he said.
Holding Bittrex Liable
The legal document was filed in King County Superior Court, and through it, the investor and entrepreneur want to hold Bittrex liable for the loss of his assets, based on what is described as “unfair and deceptive acts that misrepresented its level of security.”
The suit was officially filed near the end of October. It explains that Bennett originally suffered a SIM card hack, which is an increasingly common type of attack in which the cybercriminals in question take over the victim’s mobile SIM card and take advantage of it by gaining access to sensible information that may be valuable, such as passwords and other account data.
The hackers, basically, impersonate the victim. In this particular case, they took his identity and took over several personal accounts. Among those were the Bittrex one, which is the crypto exchange in which he stores his Bitcoin and other digital assets.
The legal document also details that in mid-April, the hackers entered his Bittrex account and converted the BTC to other currencies, and later transferred the resulting funds to another account managed by the cybercriminal to complete the attack.
A Two-Hour Wait
That night, when the investor noticed the attack, he tried to let Bittrex know, but the exchange did not act on his warning for a period of two hours, letting the hackers successfully drain his account.
“As alleged in our complaint, Bittrex ignored a number of red flags warning Bittrex that the person initiating the withdrawal was not Gregg Bennett,” according to Dan Kittle of Lane Powell, the law firm that represents Bennett. “We plan to show in court that Bittrex either ignored or was unaware of standard industry safeguards to prevent hacks just like this.”
The lawsuit also observes that the exchange did not notice incriminating behavior, such as the use of a suspicious IP address and access to his account by a completely different operating system, for example.
The Washington Department of Financial Institutions already investigated into the matter in August, and came to the conclusion that Bittrex failed to act in a proper fashion when it comes to stopping the funds from being taken off Bennett’s account.
“Bittrex was bamboozled by hackers who should have been as visible as thieves wearing masks and carrying guns,” Bennett observed.
By Andres Chavez