Levitas Capital has commenced proceedings against their trustee Sargon and administrator Apex, after they both allegedly failed to prevent unauthorised transactions after the company was hacked.
The firm’s founder was hacked via a fake Zoom link and hackers were able to plant malicious software on the company’s systems.
Between 10 to 16 September, a “malicious actor” sent various invoices to the trustee and administrator, and pushed them to make payments.
The firm was forced to close after its largest institutional client, Australian Catholic Super, withdrew its money after the cyberattack.
Speaking to Money Management, Michael Fagan, Levitas Capital co-founder, said the administrator acted to both create and authorise a payment to a sole shareholder of a company called Unique Star Holdings.
“The invoice that was sent to them was addressed to our company, not the trustee [and] was for a capital call,” Fagan said.
“We trade VIX options and VIX futures only, we have never traded anything else, we have never traded a single share anywhere in the world.
“The administrator created that payment within a new payment system that we have been forced onto by the trustee, Sargon Pay.”
From there, it went to the trustee who paid $1.2 million on 16 September to a bank account owned by Unique Star Holdings at an ANZ branch in Bankstown.
There were also two other payments: one to a Hong Kong incorporated company called Pavelin for $2.5 million and another which was about to go out on 23 September to a Singapore company called East Green Trading for $5 million.
The firm was moved onto Sargon Pay, a streamlined fund payment online portal, replacing an older system that required Microsoft Excel and PDF electronic print-outs that had to be manually verified.
“It’s certainly more streamlined, that was my big concern and I had my objections over the last couple of months,” Fagan said.
“We were told [by Sargon] if you don’t move on, then we’re going to have to reassess our position with you as a service provider.
“We were pushed onto the Sargon Pay system in that week; the $1.2 million payment that was made was actually only the second payment that had been put through this system.”
Fagan said even with the streamlined process, Sargon had removed the failsafe financial institutions had for larger transactions which was a call to confirm the transaction.
In a statement to Money Management, Sargon said this was an ongoing investigation and AET/Sargon would continue to co-operate with the police and relevant authorities as they gathered information about what occurred.
“We take cyber security issues very seriously and are constantly looking at systems and processes to combat cyber criminals operating in financial services,” the firm said.
“SargonPay is and remains secure and was not compromised in the Levitas Capital cyber incident.
“Payment instructions however were compromised prior to any entry into Sargon Pay. We are continuing to investigate the compromise, where and how it happened and where and how the manual processes required to verify instructions may have fallen down in order to ensure that this type of incident does not happen again.”