870 Bitcoin (BTC) or 8-million worth briefly available to the emergency recovery multi-sig contract of the company as Blockstream’s Bitcoin sidechain malfunctions.
Liquid, Blockstream’s Bitcoin sidechain malfunctions, resulting in their 2-of-3 multi-sig contract briefly control 870 BTC or $8-million worth.
On June 26, James Prestwich, the founder of Summa discovered the anomaly. Summa is a blockchain software that has a great contribution to the tBTC project.
Furthermore, James shared his insights according to his investigation. The spending script for the transaction was set to transfer control to a simple 2-of-3 multi-sig contract for about two weeks, or 2,015 blocks. It may be an intended action. However, it is only a last resort trigger if the Liquid network is about to collapse.
As the waiting period expires, it was only when James know about it. The expiration led to creating a window for 30 minutes or 3 Bitcoin blocks, which could have been the way the emergency multi-sig have taken control over the 870 BTC.
However, the incident did not end in a loss of funds since Blockstream holds the emergency multi-sig. Thus, the BTC was transferred into a new UTXO which resets the emergency multi-sig timer.
Humiliation on Liquid’s security model
Prior to the incident, relatively fixed and opaque entities in the business federation validates that Liquid has a more centralized system than Bitcoin.
Moreover, the said federation holds custody of the Bitcoin utilized in the Liquid bridge. Since it is the easiest method to control BTC to other chains. In normal situations, the funds are redeemed through a more distributed 11-of-15 multi-sig contract, which is duly signed by the members of the federation.
As the federated security model attempts to enhance over holding funds. Prestwich emphasized the importance of the incident, he claims that what happened greatly contradicts the statements and documents of the network.
The incident effectively suggests that a single company controlling the network may greatly reduce security measures, resulting in a significant portion of the funds vulnerable. More so, it appears a consequence from the code written by Blockstream and ran by the federation members. Of which the system automatically renews the transaction before the two-week period.
With Liquid security degradation, the director of Blockstream marketing, Neil Woodfine released a statement. He defends that the issue is a result of an inconsistency between the functionary HSMs of Liquid and the functionaries itself. More so, he adds that the involved amounts are usually small. But, with the growth of Liquid, the incident hits a larger UTXO.
HSM (Hardware Security Modules), are physical devices with difficult update coordination. Thus, he assures the team will deploy software to overcome the problem.
Furthermore, the marketing director emphasizes the funds were never at risk because of the 2-of-3 wallet safety precautions.
Critics on Liquid
As Prestwich tries to understand how the incident happened, he raised an issue of Liquid’s code. He claims it is completely open-source, and anyone can examine how it runs.
Furthermore, he is giving remarks on the response of Grubles, a pseudonymous employee of Blockstream. Who claimed Prestwich was wrong and links him to factually incorrect documents and tweets.
Since the incident, the platform has gained another stream of criticism. With Blockstream’s bitcoin sidechain malfunctions, a pseudonymous analyst, Hasu, disputes the claim of considering Liquid as a trusted sidechain model.