It was the client’s responsibility, according to Fireblocks, to back up the private keys.
Fireblocks, a crypto-custody company, is being sued by a company that alleges it was locked out of its wallet, which contained a large amount of cryptocurrency.
StakeHound, a crypto staking platform, says that a Fireblocks employee’s irresponsibility led to the loss of tens of millions of dollars in crypto assets with no backup available.
Fireblocks is an Israeli firm providing business custody services and is striving to improve the velocity of digital transactions.
On June 22, StakeHound filed a complaint in Tel Aviv District Court, claiming damages for the assets lost. The wallet in question had 38,178 ETH in it, which was worth over $72 million at the time.
A Fireblocks employee reportedly failed to preserve or backup the private keys to the wallet, which were then erased, prohibiting StakeHound from accessing its holdings, according to the court. StakeHound claimed in a statement:
“This is a human error committed by an employee of the defendants, who worked in an unsuitable work environment, did not protect or back up the defendant’s private keys needed to open the relevant digital wallet, and for no apparent reason, the keys were deleted, preventing the plaintiff’s digital assets from being accessed,”
As shown in a report in the Israeli press, Coincover, the business responsible with backing up the private keys, received the keys but have been unable to examine whether they could unlock the wallet due to a confidentiality clause.
Fireblocks has denied the allegations, claiming that the client produced the private keys and stored them outside of the platform, adding that “the customer did not store the backup with a third-party service provider per our guidelines.”
Fireblocks also stated on its website that it complied with a request from StakeHound in December 2020 to produce a set of “BLS key shares” for an ETH 2.0 staking project.
The Boneh–Lynn–Shacham (BLS) cryptographic signature system allows the user to verify the authenticity of a signer.
On April 29, the Fireblocks researchers conduct a routine disaster recovery drill and noticed that a set of BLS key shards from the backup could not have been decrypted, leading to the conclusion that the client had never backed them up.
“No Fireblocks production keys were ever affected, and all Fireblocks customers’ funds are safe, and customer keys are backed up and recoverable,” it said, adding that it was examining the incident while waiting for a response from the District Court.