Bitcoins stored on the Liquid Network could temporarily have been seized by network moderators Thursday night. The potential vulnerability in the Bitcoin sidechain's security parameters was discovered by Summa founder James Prestwich.
Liquid, a network developed and overseen by Blockstream and meant to move bitcoins around more quickly than the Bitcoin blockchain, moved 870 bitcoins that had been stuck in a queue since June 11 waiting to be processed.
Occurring Thursday at 17:19 GMT, the transfer used a less-secure two-of-three emergency multisig rather than the 11-of-15 typically used for such transactions. The funds were potentially seizable for about one hour, according to Prestwich.
"This was not a normal operation. If anyone says it is, they are wrong. It directly contradicts [Liquid's] docs and public statements," Prestwich said in a private message.
At current prices, the transaction is valued at roughly $8 million.
"This is a known issue caused by an inconsistency between the timelocks used by Liquid's functionary [hardware security modules] and the functionaries themselves," Blockstream Marketing Director Neil Woodfire told CoinDesk in a private message. "Despite the issue, the funds are always safe."
Woodfire said that "recent growth in the Liquid Network" and coordination plans caused by the coronavirus pandemic have led to difficulty in updating firmware relating to the timelocks. Those updates should be implemented by Q4 2020, he said.
"To be secure, these systems must operate reliably and on-spec. In this case the Liquid federation did neither. As a result, Blockstream's administrator backdoor activated, and Liquid security became dependent on trusting the company."
How Liquid works
Liquid operates as a sidechain to the Bitcoin network. It uses a one-to-one pegged token called L-BTC to move funds around more quickly than the regular network, which is overseen by a federation of select nodes.
Those nodes are typically hosted by large over-the-counter (OTC) trading desks or crypto exchanges. Each transaction, moreover, must be signed by 11 of 15 representative bodies. Liquid currently has 44 federation members such as BitMEX, Ledger and Xapo.
When bitcoin moves onto Liquid, it goes through a "pegging" process where bitcoin is stored in a secure wallet moderated by the federation. L-BTC is created and redeemed when bitcoin is deposited. The process reverses when bitcoin is withdrawn.
An emergency caveat does exist when bitcoins have not moved from a wallet for 30 days. In that case, a two-of-three multisig approval is activated in order to preserve the network. This is done to protect Liquid in the case of greater than one-third of the federated parties being severed from the Liquid Network.
According to Liquid's technical documentation:
"If one-third or more of the network is ever unable to continue operating, the network would stall and the funds held would be locked up forever. To avoid this, all funds held by the Liquid Network are also accessible by a set of three emergency keys when the network has been non-functional for thirty consecutive days."
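The emergency rule described above lends itself to a monitoring check that flags peg-wallet outputs before the two-of-three path becomes valid. The following Python is an added example, not code from Liquid or Blockstream; it measures idleness in wall-clock days as the article does, and the three-day refresh margin, the field names and the sample outputs are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Policy values as stated in the article.
EMERGENCY_DELAY = timedelta(days=30)   # idle time before emergency keys apply
NORMAL_QUORUM = (11, 15)               # federation signatures required
EMERGENCY_QUORUM = (2, 3)              # emergency-key signatures required


def spend_paths(last_moved, now):
    """Return every (m, n) quorum able to spend an output at time `now`."""
    paths = [NORMAL_QUORUM]
    if now - last_moved >= EMERGENCY_DELAY:
        paths.append(EMERGENCY_QUORUM)
    return paths


def audit(utxos, now, refresh_margin=timedelta(days=3)):
    """Classify each output as 'ok', 'refresh_due' or 'exposed'.

    exposed:     the emergency keys alone can already move the coins.
    refresh_due: the output must be moved within `refresh_margin`
                 (assumed value) to reset the idle clock.
    """
    report = []
    for u in utxos:
        deadline = u["last_moved"] + EMERGENCY_DELAY
        if now >= deadline:
            status = "exposed"
        elif deadline - now <= refresh_margin:
            status = "refresh_due"
        else:
            status = "ok"
        report.append({"id": u["id"], "btc": u["btc"], "status": status,
                       "emergency_active_from": deadline})
    return report


def exposed_btc(report):
    """Total value currently spendable by the emergency quorum alone."""
    return sum(r["btc"] for r in report if r["status"] == "exposed")


# Constructed sample data: not taken from the incident.
NOW = datetime(2021, 3, 31, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"id": "utxo-a", "btc": 120.0, "last_moved": NOW - timedelta(days=5)},
    {"id": "utxo-b", "btc": 45.5, "last_moved": NOW - timedelta(days=28)},
    {"id": "utxo-c", "btc": 300.0, "last_moved": NOW - timedelta(days=30, hours=1)},
]
```
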
Prestwich disclosed the security error publicly because the funds were never at risk of being openly stolen by a hacker, but only by those overseeing the emergency wallet. Those holders remain anonymous.
Whether or not this has happened in the past remains an open and pertinent security question, Prestwich added.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.