StakeHound has announced that it is suing crypto-custody firm Fireblocks for the loss of 38,178 ETH that has been rendered inaccessible due to negligence of the company. The press release said that they had been informed of the incident on the 2nd of May 2021. But all efforts to resolve the issue were not successful.
This has led to StakeHound to begin proceedings with the Isreali High Court on the 22nd of June.
The loss is attributed to a series of errors on the part of Fireblocks. Apparently, Fireblocks did not generate their private keys in a secure production environment. Furthermore, they did not include the private keys that would be required to decrypt their 2-key shares in the backup. And somehow, the firm had managed to lose both keys.
This means that there is currently no way to access over 38,000 Ethereum in staked coins.
How The Loss Happened
According to the filing with the Tel Aviv court, there were no backups made for the recovery of the coins.
It is still unclear how exactly a crypto-custody firm managed to lose both keys with access to the coins.
StakeHound however blames Fireblocks for the loss. The Isreali court was told that it was most likely a negligence issue on the part of an employee. Point out that no backups were made by Fireblocks to the wallet keys.
In the filing, StakeHound states;
“This is a human error committed by an employee of the defendants. Who worked in an unsuitable work environment. Did not protect or backup the defendant’s private keys needed to open the relevant digital wallet. And for no apparent reason, the keys were deleted. Preventing the plaintiff’s digital assets from being accessed.”
But Fireblocks has denied these claims. CEO Michael Shaulov also pointed out that his company has never lost any keys before.
The CEO of Fireblocks said that all keys with the company backup automatically. And the keys continuously back up every 10 minutes to three different locations.
Fireblocks said that the fault was not from them as they were not contractually obligated to store part of the keys.
The company said that the keys were generated and stored outside of the Fireblocks platform.
According to Fireblocks, they discovered the loss when they were performing a routine disaster drill in April of 2021. It was during this that they realized that the keys could not be decrypted. Since they had no obligation to backup the keys, they had advised the customer (StakeHound) to backup the keys with a third-party disaster recovery service.
Within a few hours, the Fireblocks team had concluded that there was no third-party backup made. All transactions that that ETH address was suspended.
What This Means For StakeHound Users
Stakers on StakeHound whose coins are held in the wallet with the lost keys risk losing their staked coins.
Staking on a pool in which you have no access to the private keys puts you at risk of losing your coins. And that is what is going to happen if the companies are not able to decrypt the wallets. Without access to the private keys, the coins basically do not belong to you.
This is where the famous “not your keys, not your coins” comes into play.
Staking is currently the new rave in the crypto space with ETH 2.0 coming. People are staking coins with pools without fully realizing the risks associated with doing so. Once you send your coins to a wallet that you do not control the private keys, those coins basically stop being yours.
So for thousands of StakeHound users, this most likely spells bad news for them if the coins cannot be transferred.
It’s the same thing as when an exchange gets hacked and your coins get stolen. There is no way for you to properly protect your coins because you do not control the private keys.
Fireblocks has said that they will continue investigating the situation.
Meanwhile, StakeHound said they will release a public statement in the coming weeks describing the next steps. But will perform a smart contract upgrade with immediate effect. This will allow for the removal of stETH from the liquidity pools. Also preventing it from being sent to the pools.
The company will continue to purchase and distribute token rewards according to its Terms and Conditions.