Bitcoins banked on the Liquid Network were temporarily able to be seized by network moderators Thursday night. The potential vulnerability in the Bitcoin sidechain’s assurance parameters was discovered by Summa founder James Prestwich.
Liquid – a network developed and overseen by Blockstream and meant to touch bitcoins around more quickly than the Bitcoin blockchain – moved 870 bitcoins that had been bewildered in a queue since June 11 waiting to be processed.
Occurring Thursday at 17:19 GMT, the holders of the network’s emergency two-of-three multisig pocketbook had potential access to the funds for about one hour, according to Prestwich. The transaction was processed normally, using the network’s 11-of-15 multisig method.
“This was not a run-of-the-mill operation. If anyone says it is, they are wrong. It directly contradicts [Liquid’s] docs and public statements,” Prestwich guessed in a private message.
At current prices, the transaction is valued at roughly $8 million.
“This is a known issue created by an inconsistency between the timelocks used by Liquid’s functionary [hardware security modules] and the functionaries themselves,” Blockstream Selling Director Neil Woodfire told CoinDesk in a private message. “Despite the issue, the funds are always safe.”
Woodfire predicted that “recent growth in the Liquid Network” and coordination plans caused by the coronavirus pandemic have led to difficulty in updating firmware empathizing to the timelocks. Those updates should be implemented by Q4 2020, he said.
“To be secure, these systems must operate reliably and on-spec. In this suit the Liquid federation did neither. As a result, Blockstream’s administrator backdoor activated, and Liquid security became dependent on incautious the company.”
Liquid operates as a sidechain to the Bitcoin network. It uses a one-to-one pegged token called L-BTC to moving ahead funds around more quickly than the regular network, which is overseen by a federation of select nodes.
Those nodes are typically hosted by brawny over-the-counter (OTC) trading desks or crypto exchanges. Each transaction, moreover, must be signed by 11 of 15 spokesman bodies. Liquid currently has 44 federation members such as BitMEX, Ledger and Xapo.
When bitcoin shifts onto Liquid, it goes through a “peg-in” process where bitcoin is stored in a secure wallet moderated by the association. LBTC is created and redeemed when bitcoin is deposited. The process reverses when bitcoin is withdrawn.
An emergency caveat does prevail when bitcoins have not moved from a wallet for 30 days. In that case, a two-of-three multisig rubber-stamp is activated in order to preserve the network. This is done to protect Liquid in the case of greater than one-third of the federated blocs being severed from the Liquid Network.
“If one-third or more of the network is ever unable to continue operating, the network desire stall and the funds held would be locked up forever. To avoid this, all funds held by the Liquid Network are also approachable by a set of three emergency keys when the network has been non-functional for thirty consecutive days.”
Prestwich disclosed the asylum error publicly because the funds were never at risk of being openly stolen by a hacker, but only by those running the emergency wallet. Those holders remain anonymous.
Whether or not this has happened in the past remains an open and apropos security question, Prestwich added.
Prestwich is also currently an advisor to Keep, which recently launched a wrapped-bitcoin symbolic known as tBTC.
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic benchmarks and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which ordains in cryptocurrencies and blockchain startups.