Fireblocks faces lawsuit over key management incident, resulting in $75 million loss.
Israeli-based firm Fireblocks,which provides crypto custody services for businesses faces negligence accusations, allegedly deleting keys to a wallet containing 38,178 Ethereum (ETH).
The lawsuit was filed by a cryptocurrency staking company StakeHound, claiming it got locked out of its wallet containing approximately $75 million worth of cryptocurrency.
According to a CTech news report the lawsuit was filed at the Tel Aviv District Court as the crypto staking company claimed Fireblocks employee’s negligence caused the loss of cryptos, without any backup available.
“This is a human error committed by an employee of the defendants, who worked in an unsuitable work environment, did not protect or back up the defendant’s private keys needed to open the relevant digital wallet, and for no apparent reason, the keys were deleted, preventing the plaintiff’s digital assets from being accessed,” an official said.
Fireblocks claimed it was the StakeHound’s responsibility to back up their private keys, which they generated themselves and stored outside the custodian’s platform, adding “the customer did not store the backup with a third-party service provider per our guidelines.”
Crypto security company Coincover was trusted by StakeHound to back up the private keys, received the keys but bound to a confidentiality agreement, could not check if they opened the digital wallet.
To recover the keys through the Coincover’s backup, a copy of it must be kept at Fireblocks, so it could be verified at the time of recovery.
StakeHound claims that the private keys were not simply lost, but the defendants did not transfer the relevant private keys to Coincover as required and agreed upon, stating that the negligent custody provider “did not generate their private keys in a production environment, did not include the private keys required to decrypt their 2 key shares in the backup and lost both keys.”
Fireblocks stated it cooperated with a request from StakeHound in December 2020 to create a set of “BLS key shares” related to an ETH 2.0 staking project.
Boneh-Lynn-Shacham or BLS is a cryptographic signature algorithm that enables verifying signer authentication.
Months later, while conducting a regularly scheduled disaster recovery drill, the custodian discovered a set of BLS key shares from the backup could not be decrypted and concluded StakeHound never backed them up.