Database storage 3d illustration
Fireblocks, a leading institutional crypto services provider, is accused of losing $75 million worth of ether by its client, Switzerland-based staking services firm, StakeHound. As a result, the Israel-based Fireblocks is being sued for alleged negligence, according to documents reportedly filed with the Tel Aviv District Court this week. Earlier reports claim Fireblocks failed to backup half of a key it was holding on behalf of StakeHound needed to access 38,178 staked ether (the native token of Ethereum).
Fireblocks CEO, Michael Shaulov, tells a different story. According to Shaulov, his company, which has completed transfers of nearly $700 billion in digital assets since its launch, took on StakeHound as a client in December under contract for two services: FireBlocks' custodial services, which are handled as part of the company’s regular operations, and a unique partnership to create code that generates a cryptographic password for a process called staking, which pays cryptocurrency owners willing to lock up their assets as collateral.
While Fireblocks’ core business appears to be growing strong, clients are increasingly looking for new ways to tap into these staking opportunities without compromising security. In total, $11.4 billion has been staked on Ethereum in the last six months alone, and trust in these third party services could prove paramount to the burgeoning investment opportunity’s maturity. Shaulov is not concerned.
“It had nothing to do with our real service that we are providing to over 400 clients right now, none of the wallets of our clients were affected, including by the way [StakeHound’s] wallets, they’re still using the wallets that we are providing them,” Shaulov says. “So there are fairly factual issues with the way they put their lawsuit. I assume this is as a result of them being stressed and basically trying to throw the blame on someone who has a bigger balance sheet.”
Founded in 2018, Fireblocks has grown into one of the largest crypto service providers in the industry with clients including several mainstream financial players like BNY Mellon, Revolut and other banks. In March, Fireblocks completed a $133 million series C funding round, securing backing from Bank of New York Mellon, among others, and bringing the company’s total funding to $179 million.
Fireblocks and StakeHound worked together to create a program that generates what are called Boneh–Lynn–Shacham (BLS) signatures that help verify the signer of a staking agreement is authentic. StakeHound then used the script to generate its own BLS signature outside of the Fireblocks ecosystem and began working with a third party custodian, Coincover, to backup that signature, Shaulov says. After developing the program to generate the BLS key with Fireblocks and then using it to create its own key, StakeHound sent 38,178 ether, worth approximately $76.4 million at the time of writing, to the ethereum 2.0 smart contract. Shaulov adds that while that relationship was being set-up, StakeHound did not want to keep the key with them in its entirety, for security purposes, and asked Fireblocks to hold onto half of it. He further stated that this request was a spoken agreement between Fireblocks and Stakehound, rather than a contractual obligation.
Their original agreement explicitly states that Fireblocks does not support BLS signatures as part of their typical line of business and that they will introduce StakeHound to a third party they can store it with, says Shaulov. He declined to share the actual contract agreement between the companies with Forbes, citing the pending lawsuit.
This splitting of StakeHound’s BLS key between StakeHound and Fireblocks is where things went tragically wrong. Shaulov says that StakeHound never followed up with Fireblocks to tell them to send their half of the BLS key to Coincover. In March, the Fireblocks computer where half of StakeHound’s BLS signature was in cold storage failed, leaving StakeHound without half of the password needed to recover the ETH locked in the ethereum 2.0 smart contract. Shaulov says StakeHound never told Fireblocks to send their half of the BLS key to Coincover or utilized a built-in tool to verify that backup was successful. The oversight was discovered during an annual disaster recovery drill conducted by Fireblocks in April.
“On the 2nd of May 2021, we were informed by one of our custody providers, Fireblocks, that 38,178 of our staked ethereum may have been rendered inaccessible because of a failure by Fireblocks to secure the cryptographic keys as they were required to do,” a statement from StakeHouse reads.
Outside observers should look at this event as a cautionary tale. The more crypto moves from place to place or contract to contract, the chances increase that something could go wrong. That said, institutional custodians will still need to find ways to support market demand for new ways to generate passive income on holdings. There are opportunities for recourse when assets get sent to centralized lenders on the Fireblocks network because there is an office to be called, but those recourse options do not always exist when it comes to decentralized products because the systems are often governed by immutable code.
Shaulov emphasized that holding this key fragment was not part of StakeHound’s contract with Fireblocks and that the company always requires clients to backup their keys with a third party. He added that StakeHound is still using Fireblocks to custody all of its crypto assets.
