Moderators on Liquid Network temporarily grabbed bitcoins they were meant to process. The 870 bitcoins, valued at approximately $8 million, were stuck in a queue and waiting to be processed.
The Thursday, June 25, 2020 incident revealed the potential vulnerability in the Bitcoin sidechain’s security limitations was exposed by Summa founder James Prestwich. According to him, the vulnerability made it possible for the network’s emergency two-of-three multi-sig wallets to access the funds for about one hour. Blockstream processed the transaction normally, using the network’s 11-of-15 multisig method. Commenting, Prestwich said in a private message:
“For just under an hour, the emergency 2-of-3 controlled 870 Bitcoin, this was not a normal operation. If anyone says it is, they are wrong. It directly contradicts [Liquid’s] docs and public statements.”
Nothing to Worry About
Blockstream Marketing Director Neil Woodfire blamed the situation on the recent growth in the Liquid network. He explained the coordination plans as a result of Covid-19 had made it difficult for them to update firmware relating to timelocks. He assured that the updates would be implemented by Q4 2020. Woodfire assured users that there was nothing to worry about. He said:
“This is a known issue caused by an inconsistency between the timelocks used by Liquid’s functionary [hardware security modules] and the functionaries themselves […] despite the issue; the funds are always safe.”
The liquid network runs as a sidechain of the Bitcoin network. The firm uses a one-to-one pegged token dubbed L-BTC to transfer funds faster than the regular blockchain, which is superintended by a coalition of select nodes. The nodes are hosted by cryptocurrency exchanges or leading OTC desks. However, every transaction has to be signed by 11 out of 15 representative bodies.
Liquid Federation Did Neither
Whenever bitcoin enters the Liquid system, it has to go through a “peg-in” process and is stored in a secure wallet moderated by a federation. The Liquid currently has 44 federation members such as BitMEX, Ledger and Xapo. L-BTC is created and redeemed when bitcoin is deposited. The process reverses when bitcoin is withdrawn.
An emergency occurs whenever a bitcoin wallet is dormant for 30 days, during which time a two-of-three multisig approval is activated. The procedure is meant to safeguard the Liquid Network should a more than one-third of the parties vacate the network. According to Prestwich:
“To be secure, these systems must operate reliably and on-spec. In this case, the Liquid federation did neither. As a result, Blockstream’s administrator backdoor activated, and Liquid security became dependent on trusting the company.”