Blockstream's Liquid Network has sent $ 8 million in BTC unsafe, says a Bitcoin developer

Blockstream Liquid Network has sent $ 8 million in BTC unsafe, says Bitcoin developer - banner imageA sum of bitcoins - here the quotation in real time - filed on the Liquid Network was temporarily seized by moderators Thursday night last week.

The potential vulnerability of the parameters in the security of the Bitcoin sidechain was discovered by Summa founder James Prestwich.

Funds are always safe

Liquid - a network developed and supervised by Blockstream and destined to move bitcoins faster than the original Bitcoin blockchain - has moved 870 bitcoins stopped in queue since June 11 waiting to be processed.

Generally, the funds would be seizable for about an hour, according to Prestwich. “This was not a normal operation. If anyone says otherwise, he is wrong. It directly contradicts [Liquid's] public documents and statements, ”Prestwich said in a private message.

Based on current prices, the transaction is valued at around $ 8 million. "This is a known issue caused by inconsistency between the timelocks used by Liquid officials [hardware security modules] and the officials themselves," Blockstream marketing director Neil Woodfire said in a private message.

"Despite this problem, the funds are always safe." Woodfire said that "the recent growth of the liquid network" and the coordination plans born following the coronavirus pandemic have led to difficulties in updating the firmware related to the timelock. Such updates are expected to be implemented by the fourth quarter of 2020, he said.

How Liquid works

Liquid works like a sidechain for the Bitcoin network. It uses a one-to-one anchored token called L-BTC to move funds faster than the normal network, which is controlled by a federation of selected nodes.

These nodes are typically hosted by large over-the-counter (OTC) trading banks or cryptocurrency exchanges. Furthermore, each transaction must be signed by 11 of the 15 representative bodies. Liquid currently has 44 federation members such as BitMEX, Ledger and Xapo.

When the bitcoin passes to Liquid, it goes through a "pegging" process in which the bitcoin is stored in a secure wallet moderated by the federation. LBTC is created and redeemed when bitcoins are deposited.

The process reverses when bitcoin is withdrawn. When bitcoins don't move out of a wallet for 30 days, an emergency alert is triggered. In this case, a two-of-three multisig approval is activated to preserve the network.

This is done to protect Liquid in the event that more than a third of the federated parties are separated from the Liquid network. According to Liquid's technical documentation: “If a third or more of the network were unable to continue operating, the network would freeze and the funds held would remain blocked forever.

To avoid this, all funds held by Liquid Network are also accessible through a set of three emergency keys if the network remains inoperative for thirty consecutive days. " Prestwich has publicly revealed the security flaw because the funds have never been at risk of theft by hackers, but only by those who oversee the emergency wallet who remain anonymous.