Blockstream’s Liquid sidechain suffered a security incident where 870 BTC were briefly available to the company’s emergency recovery multisig contract.
A malfunction in Blockstream’s Liquid bridge for Bitcoin (BTC) resulted in a Blockstream-owned 2-of-3 multisig contract briefly controlling over 870 BTC, worth $8 million.
This was discovered on June 26 by James Prestwich, founder of blockchain software development company Summa, which contributed to the tBTC project.
According to his findings, the spending script for the transaction was configured to transfer control to a simple 2-of-3 multisig contract after 2,015 blocks, or about two weeks. While this is intended behavior, it is meant to be triggered only as a last resort if the Liquid network were to collapse, as explained by its documentation.
Prestwich found the issue just as the waiting period expired, which created a window of about thirty minutes, or three Bitcoin blocks, during which the emergency multisig could have taken control of the money.
This did not result in a loss of funds as the emergency multisig is held by Blockstream. The BTC was then moved into a new UTXO that reset the emergency multisig timer.
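The check a federation operator or outside observer could run against peg UTXOs is sketched below as an added example; it is not Blockstream's code. It assumes the 2,015-block delay is a BIP 68 relative timelock counted from the UTXO's confirmation. The heights, labels, amounts, the 144-block alert margin and all function names are constructed for illustration.

```python
from dataclasses import dataclass

EMERGENCY_TIMELOCK_BLOCKS = 2015  # from the article
REFRESH_MARGIN_BLOCKS = 144       # assumption: alert about one day ahead

@dataclass(frozen=True)
class PegUtxo:
    outpoint: str          # constructed label, not a real txid
    amount_sat: int
    confirmed_height: int  # height of the block that confirmed this UTXO

def emergency_open_height(utxo, timelock=EMERGENCY_TIMELOCK_BLOCKS):
    # BIP 68: an input confirmed at height h with a relative lock of n
    # blocks can first be spent in the block at height h + n.
    return utxo.confirmed_height + timelock

def classify(utxo, tip_height, margin=REFRESH_MARGIN_BLOCKS):
    # Blocks that must still be mined before the *next* block could
    # carry a spend through the emergency path.
    blocks_left = emergency_open_height(utxo) - (tip_height + 1)
    if blocks_left <= 0:
        return "EMERGENCY_PATH_OPEN", blocks_left
    if blocks_left <= margin:
        return "REFRESH_DUE", blocks_left
    return "OK", blocks_left

def audit(utxos, tip_height):
    """Return (alerts sorted most urgent first, satoshis already exposed)."""
    alerts, exposed = [], 0
    for u in utxos:
        status, left = classify(u, tip_height)
        if status == "OK":
            continue
        alerts.append((left, u.outpoint, status))
        if status == "EMERGENCY_PATH_OPEN":
            exposed += u.amount_sat
    return sorted(alerts), exposed

# Constructed sample data: heights, labels and amounts are illustrative.
TIP = 636_000
SAMPLE = [
    PegUtxo("utxo-a:0", 870 * 100_000_000, 633_985),
    PegUtxo("utxo-b:1", 5 * 100_000_000, 634_100),
    PegUtxo("utxo-c:0", 12 * 100_000_000, 635_500),
]

if __name__ == "__main__":
    for left, outpoint, status in audit(SAMPLE, TIP)[0]:
        print(f"{outpoint}: {status} ({left} blocks left)")
```

Alerting on `REFRESH_DUE` well before the lock expires is what keeps a large UTXO from ever reaching `EMERGENCY_PATH_OPEN`.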
Security model degradation
The Liquid network is much more centralized than Bitcoin and many other blockchains, as it is validated by a relatively fixed and opaque federation of business entities, primarily exchanges.
The federation also holds custody of the Bitcoin used in the Liquid bridge, as that is the easiest way to peg BTC to other chains. Normally, funds are redeemed through a more distributed 11-of-15 multisig contract, which is signed by the federation members.
The federated security model attempts to be an improvement over holding funds within one exchange, as Cointelegraph reported earlier.
In a conversation with Cointelegraph, Prestwich outlined the importance of the incident:
“This was not normal operation. If anyone says it is, they are wrong. It directly contradicts their docs and public statements.”
The oversight effectively meant that for a brief period, a significant portion of Liquid funds had “greatly reduced security” as only one company controlled them. The issue appears to result from “the code that Blockstream wrote and the federation members run,” which is supposed to automatically renew each transaction before the two-week period comes up.
Commenting on behalf of the company, Neil Woodfine, Blockstream’s director of marketing, told Cointelegraph that “this is a known issue caused by an inconsistency between the timelocks used by Liquid’s functionary HSMs and the functionaries themselves.” He added that the amounts involved are usually small, but due to the growth of the Liquid Network, this issue hit a large UTXO.
Hardware Security Modules, or HSMs, are physical devices for which “coordinating updates is very difficult,” but he said that the team will soon deploy a software workaround.
Woodfine stressed that funds were never at risk because of the safety precautions for the 2-of-3 wallet.
Liquid criticism
When trying to understand what happened, Prestwich raised the issue that the code “is not completely open source, so we can't check how it works.”
He noted that “[Blockstream employees] also responded by telling me I was wrong, and linking to factually incorrect docs and tweets,” referring to a since-deleted tweet by Grubles, a pseudonymous employee of the company.
The incident seems to have sparked another wave of criticism toward the platform, with pseudonymous analyst Hasu disputing that Liquid should be considered a sidechain because of its trusted model.