Anomaly on Bitcoin Sidechain Results in Brief Security Lapse

Published at: June 26, 2020

A malfunction in Blockstream’s Liquid bridge for Bitcoin (BTC) resulted in a Blockstream-owned 2-of-3 multisig contract briefly controlling over 870 BTC, worth $8 million.

This was discovered on June 26 by James Prestwich, founder of blockchain software development company Summa, which contributed to the tBTC project.

According to his findings, the spending script for the transaction was configured so as to transfer control to a simple 2-of-3 multisig contract after 2,015 blocks, or about two weeks. While this is intended behavior, this is only meant to be triggered as a last resort if the Liquid network were to collapse, as explained by its documentation.

Prestwich found the issue just as the waiting period expired, which created a window of about thirty minutes, or three Bitcoin blocks, during which the emergency multisig could have taken control of the money.

This did not result in a loss of funds as the emergency multisig is held by Blockstream. The BTC was then moved into a new UTXO that reset the emergency multisig timer.

Security model degradation

The Liquid network is much more centralized than Bitcoin and many other blockchains, as it is validated by a relatively fixed and opaque federation of business entities, primarily exchanges.

The federation also holds custody of the Bitcoin used in the Liquid bridge, as that is the easiest way to peg BTC to other chains. Normally, funds are redeemed through a more distributed 11-of-15 multisig contract, which is signed by the federation members.

The federated security model attempts to be an improvement over holding funds within one exchange, as Cointelegraph reported earlier.

In a conversation with Cointelegraph, Prestwich outlined the importance of the incident:

“This was not normal operation. If anyone says it is, they are wrong. It directly contradicts their docs and public statements.”

The oversight effectively meant that for a brief period, a significant portion of Liquid funds had “greatly reduced security” as only one company controlled them. The issue appears to result from “the code that Blockstream wrote and the federation members run,” which is supposed to automatically renew each transaction before the two-week period comes up.

Commenting on behalf of the company, Neil Woodfine, Blockstream’s director of marketing, told Cointelegraph that “this is a known issue caused by an inconsistency between the timelocks used by Liquid’s functionary HSMs and the functionaries themselves.” He added that the amounts involved are usually small, but due to the growth of the Liquid Network, this issue hit a large UTXO.

Hardware Security Modules, or HSMs, are physical devices for which “coordinating updates is very difficult,” but he said that the team will soon deploy a software workaround.

Woodfine stressed that funds were never at risk because of the safety precautions for the 2-of-3 wallet.

Liquid criticism

When trying to understand what happened, Prestwich raised the issue that the code “is not completely open source, so we can't check how it works.”

He noted that “[Blockstream employees] also responded by telling me I was wrong, and linking to factually incorrect docs and tweets,” referring to a since deleted tweet by Grubles, a pseudonymous employee of the company.

The incident seems to have sparked another wave of criticism toward the platform, with pseudonymous analyst Hasu refuting that Liquid should be considered a sidechain because of its trusted model.

Tags
Technology
Bitcoin
Blockstream
Related Posts
Finance Redefined: The $20,000 Bitcoin special, Dec. 9–16
Finance Redefined is Cointelegraph's DeFi-centric newsletter, delivered to subscribers every Wednesday. Today the crypto world is celebrating Bitcoin’s new all-time high. We did it guys! We’re back to $20,000 after three grueling years. So for this reason, this will be a bit of a Bitcoin-themed newsletter. How is Bitcoin related to DeFi, you ask? Well, for one thing, DeFi’s total value locked has a delta of about 0.2 to Bitcoin’s price. This means that for each 1% that BTC price goes higher or lower, DeFi TVL changes by 0.2%. Most of that relationship is due to the peculiar accounting choice …
Technology / Dec. 16, 2020
Exclusive: Liquid Network Gets Its First General-Purpose Javascript Library
Blockstream’s Liquid Network is now featuring its own Javascript library for developers to easily interact with the blockchain. Named LiquidJS, it was developed and announced by pTokens, an interoperability project working to bring assets cross-chain. The open-source library simplifies access to the Liquid Network for external applications, with no requirements of setting up dedicated nodes. Thomas Bertani, pTokens’ founder, described it as the equivalent of Ethereum’s web3.js library in a conversation with Cointelegraph. Javascript is currently among the most popular programming languages used by virtually all web applications in some form. As such, Javascript libraries for interfacing with blockchains are …
Technology / July 9, 2020
Satoshi Didn’t Sign Craig Wright Message, Says Crypto Researcher
On Monday, a Bitcoin (BTC) miner — or multiple Bitcoin miners — signed a message calling Craig Wright a fraud. One of the addresses used had been previously attributed to the creator of Bitcoin, Satoshi Nakamoto. The message was signed with 145 signatures belonging to the 145 corresponding addresses, and one of those addresses — 12CTHhyJtr49LgoUShbWgebLBviLAFj6nj — was a coinbase address for the Bitcoin mined in block 30169. Previous research conducted by Sergio Demian Lerner identified this block as one mined by Satoshi. Block 30169 Part of “Patoshi” Pattern. Source. SatoshiBlocks. Experts disagree However, Lerner told Cointelegraph that this is …
Technology / May 26, 2020
Is Blockstream’s Liquid Network an Attempt to Compete for Tokens with Ethereum?
At Consensus Distributed on May 12, Blockstream presented Lightnite, a Fortnite-like game that uses the Liquid Network for storing non-fungible tokens (NFT) representing game items. While the game is developed by independent company Satoshi’s Games, Blockstream has sponsored the game by running a token giveaway. The announcement has garnered a considerable amount of criticism from Ethereum (ETH) fans, given the longstanding rivalry with the Bitcoin (BTC) “maximalists.” Non-fungible tokens are traditionally associated with Ethereum and other smart contract blockchains, and received constant criticism from Bitcoin community members as part of that association. Benjamin DiFrancesco, an Ethereum contributor and founder of …
Technology / May 25, 2020
Bitcoin moves $500K around the globe every second, says Samson Mow
Blockstream’s Samson Mow wants to move the conversation away from Bitcoin’s (BTC) performance in transactions per second and toward its role in ushering in “a new financial paradigm,” that is, serving as a permissionless medium for the store and transfer of value. #Bitcoin moves nearly half a million dollars in value around the globe permissionlessly every second. It was never about transactions per second and coffee. It's all about value transacted per second and a new financial paradigm. #VTPS not #TPS. Nothing comes close to @BTC. pic.twitter.com/aXfDauPx9b — Samson Mow (@Excellion) December 2, 2020 Mow’s argument is that “VPTS [value …
Technology / Dec. 2, 2020