Exclusive

Cryptocurrency security company Fireblocks sued for losing $75 million worth of ETH

Crypto company StakeHound claims that Fireblocks was negligent and failed to back up its wallet appropriately. Fireblocks has denied any wrongdoing

Meir Orbach 12:3822.06.21
Cryptocurrency company StakeHound has filed a lawsuit against Israeli company Fireblocks, claiming that it lost NIS 245.5 million (approximately $75 million) worth of cryptocurrencies it was entrusted with. StakeHound claims that Fireblocks, a developer of secure cross-enterprise asset transfer infrastructure, was negligent and as a result the funds have been lost and can not be recovered. The lawsuit was filed today at the Tel Aviv District Court by attorneys Eli Cohen, Alex Feldsher, and Nuna Lerner of Gornitzky & Co law firm. Fireblocks has denied any wrongdoing, claiming that: "The keys were generated by the client and stored outside the Fireblocks platform," and that "the customer did not store the backup with a third-party service provider per our guidelines."

 Fireblocks CEO Michael Shaulov Photo: Inna Schneider Fireblocks CEO Michael Shaulov Photo: Inna Schneider

 

According to the lawsuit, negligence by a Fireblocks employee led to the crypto assets being lost without any backup being available. "This is a human error committed by an employee of the defendants, who worked in an unsuitable work environment, did not protect or back up the defendant’s private keys needed to open the relevant digital wallet, and for no apparent reason, the keys were deleted, preventing the plaintiff’s digital assets from being accessed.”

 

Coincover, the company trusted with backing up the private keys, received the keys, but could not check if they could open the digital wallet due to a confidentiality agreement. In order to recover the keys through the backup made by Coincover, a copy of it must be kept at Fireblocks, so that at the time of recovery, it can be verified.

 

StakeHound claims that "this is not a simple situation where the private keys were simply lost, rather, the defendants did not transfer the relevant private keys to Coincover as required and agreed upon. This resulted in a disaster and damage: The defendant irrevocably lost access to the plaintiff’s digital assets, which were deposited in an e-wallet provided by the defendant, causing the loss of 38,178 of the plaintiff's ETH coins.”

 

Earlier this year, Fireblocks reported that it raised $133 million in a Round C series. The investment was led by Coatue, Ribbit, and included participation by existing investors Paradigm, Galaxy Digital, Swisscom Ventures, Tenaya Capital, and Cyberstarts Ventures. The company was founded in 2018 by CEO Michael Shaulov, who founded Lacoon Mobile Security, which was sold to Check Point six years ago for $100 million.

Eli Cohen of Gornitzky & Co law firm Photo: Yonatan Bloom Eli Cohen of Gornitzky & Co law firm Photo: Yonatan Bloom

 

Fireblocks offers banks and traditional financial institutions the ability to seamlessly plug into the broader decentralized finance ecosystem and all of its market participants. Using Fireblocks’ platform, banks and fintechs can rapidly deploy custody, tokenization, asset management, trading, lending and payment solutions across public and private blockchain networks.

 

Fireblocks CEO Michael Shaulov told Calclaist in response that "the plaintiff's entire claim is incorrect and the entire sequence of events described is detached from reality, and if there was negligence it was from the plaintiff's side. We have never lost wallet keys and they are all backed up by us every ten minutes in three different locations, and all of our keys create a backup by themselves and by a third party."

   

"What actually happened was that the customer engaged in an activity called stacking, which creates interest for Ethereum coins, the customer did so in preparation for the release of Ethereum 2.0. They took crypto from people until the new coin arrived in exchange for future interest. In the framework they created, there is a password the client needs as soon as the new network is established. Fireblocks does not create the password for the network because it does not yet exist. This is a technology we do not know how to support. What we did do for them through our research team was to help them develop an application they ran in order to generate a password, which they needed to back up and provide instructions for backing it up. They did not back up the password and did not confirm it," said Shaulov.

  

"We were involved in the process and we provided the software. They gave us a key that was not part of the system and they had to pass instructions to use it, and we tried to help them but they decided to file a lawsuit," said Shaulov.

 

Earlier Fireblocks wrote on its website in response to the lawsuit that: "In December 2020, the Fireblocks’ research team cooperated with a request from Stakehound to create a set of BLS credentials related to an ETH 2.0 staking project. The key shares created in connection with this project were managed outside of the Fireblocks platform and were not part of its MPC wallet structure or backup procedures. When certain irregularities around the BLS key shares were discovered during a regularly scheduled disaster recovery drill, Fireblocks immediately suspended the potentially impacted addresses and offered its help to the customer. We are actively investigating the situation and assisting all parties involved to resolve the issue."

 

The post added that: "No Fireblocks production keys were ever affected, and all Fireblocks customers’ funds are safe, and customer keys are backed up and recoverable. The BLS key shares for this project were not part of the Fireblocks MPC wallet structure. The keys were generated by the client and stored outside the Fireblocks platform. The customer did not store the backup with a third-party service provider per our guidelines."