Due to a bug in Liquid Network, Blockstream's sidechain solution, the company's employees had access to other people's funds for 18 months. Management was aware of the problem but did not report it. On June 25, the vulnerability was accidentally discovered by blockchain developer James Prestwich, who noted that Liquid Network operators had gained access to 870 BTC frozen on the network. The crypto community now accuses Blockstream of excessive centralization and possible fraud. The company's management says that the funds were safe, that not a single satoshi was stolen, and that the bug will be fixed soon. DeCenter looks at what caused the vulnerability, why Blockstream was in no hurry to fix it, and how much the company's reputation has been damaged.
How the Liquid Network Protocol works
To better understand what happened, let us briefly recall how the Liquid Network protocol works.
Liquid Network is a private, centralized sidechain of the Bitcoin blockchain that operates as a settlement and payment network for exchanges, traders, market makers and brokers. Liquid Network was developed and is controlled by the Canadian company Blockstream and was launched for mass use in October 2018.
Liquid Network has a total of 44 partners, including Atlantic Financial, OKCoin, Xapo, Bitfinex, Bitmax, BitME, BitMEX, Ledger and Tether, among others. Since March of this year, the protocol has overtaken another Blockstream product, the second-level Lightning Network solution, in terms of the number of bitcoins in circulation. On the day this article was published, 2161 BTC were locked on Liquid Network, about $19.7 million.
Liquid Network is a separate, additional blockchain built on top of the main Bitcoin network. It allows you to make instant transactions in large volumes while maintaining confidentiality, and to store funds outside an exchange.
Transactions are carried out using Liquid Bitcoin (L-BTC), special tokens pegged to bitcoin at a 1:1 ratio. A user of the main Bitcoin network first sends coins to the outgoing address of the swap wallet, which acts as a bridge between the sidechain and the main network. There the coins are "frozen" by a group of validators, which eliminates the possibility of spending them elsewhere. Validators also guarantee that each BTC in the sidechain corresponds to a BTC frozen in the wallet. After that, an amount of L-BTC equivalent to the bitcoins sent is transferred to the sidechain. When sending from the sidechain to the main blockchain, everything happens in the reverse order.
How James Prestwich found the missing 870 BTC
On June 25, James Prestwich, a blockchain developer and founder of the startup Summa, noticed that Blockstream operators had gained access to 870 BTC (≈ $7.9 million) that had been stuck in the transaction processing queue since June 11. This came as a surprise to the developer and the crypto community. It had been assumed that Blockstream employees could use this capability only in the most extreme case.
Bitcoins sent to the Liquid network as L-BTC are frozen in a multi-signature wallet. To unlock coins, a transaction must be confirmed by 11 of the 15 key holders (control nodes), selected randomly.
An important condition described in the Liquid Network technical documentation is that if 30% of the nodes leave the network, for example during a hacker attack, the funds held will be locked forever. To prevent this from happening, all funds held by Liquid Network are also accessible with a set of three emergency keys.
The emergency mechanism is triggered every time the processing of a single transaction exceeds 2015 blocks, approximately 14 days. On June 25, two weeks after June 11, the waiting period for confirmation of the 870 BTC transaction expired. So that the funds would not be lost, the 870 BTC were available for spending by Blockstream's emergency operators for half an hour. However, they transferred the coins to a new unspent transaction output (UTXO), which reset the counter of the emergency smart contract and kept the money from being lost forever.
Prestwich claims to have discovered Blockstream's actions by accident. On Twitter, he wondered, "How often could this have happened before?" and accused the company of violating the security model. He also raised the point that the protocol code "is not completely open source, so we cannot verify how it works."
A few hours later, Prestwich's message was answered by the head of Blockstream, Adam Back, who said that the company was aware of the problem and was working on a solution. The message did not reassure the crypto community: it turns out that Liquid Network's emergency operators gain access to user funds every two weeks. And if the developers were silent about this vulnerability, what other problems have they not talked about? In the comments, it came to accusations that Liquid Network is not a real sidechain.
Blockstream explained the incident
On June 29, Blockstream CEO Adam Back published an official explanation of what happened, in which he described the vulnerability mechanism in more detail. According to him, the problem was caused by a mismatch between the time limit parameters used by the host server on which the protocol operates and those used by the hardware security modules (HSMs) in which the emergency keys are stored. Because of the error, the time counter was reset after it expired, and not before, as was necessary.
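The emergency timelock described earlier and the host/HSM threshold mismatch from Back's explanation can be modelled together. This is an added example, not Blockstream's code: the class and function names, the sample heights and ids, and the 2018-block host threshold are constructed assumptions, and only the 2015-block timelock comes from the article.

```python
from dataclasses import dataclass

EMERGENCY_TIMELOCK = 2015  # blocks (about 14 days), the figure given in the article

@dataclass(frozen=True)
class PegUtxo:
    txid: str              # constructed placeholder, not a real transaction id
    amount_btc: float
    confirmed_height: int

def classify(utxos, tip_height, margin, timelock=EMERGENCY_TIMELOCK):
    """Sort peg-wallet UTXOs by how close the emergency path is to opening.

    Simplified model: a UTXO is exposed once its age in blocks reaches the
    timelock, and is due for refresh when `margin` blocks or fewer remain.
    """
    report = {"exposed": [], "refresh_now": [], "ok": []}
    for u in utxos:
        left = timelock - (tip_height - u.confirmed_height)
        key = "exposed" if left <= 0 else "refresh_now" if left <= margin else "ok"
        report[key].append(u.txid)
    return report

def exposed_blocks(refresh_after, blocks, timelock=EMERGENCY_TIMELOCK):
    """Count blocks at which the emergency keys could spend, when the host
    re-spends the output into a fresh UTXO once its age hits refresh_after."""
    age = exposed = 0
    for _ in range(blocks):
        age += 1
        if age >= refresh_after:
            age = 0            # new UTXO: the relative timelock restarts
        elif age >= timelock:
            exposed += 1       # emergency path open at this block
    return exposed

# Constructed sample data: heights and ids are made up for the example.
SAMPLE_TIP = 636_500
SAMPLE_UTXOS = [
    PegUtxo("utxo-a", 870.0, 634_485),   # age 2015: timelock has run out
    PegUtxo("utxo-b", 12.5, 634_600),    # age 1900: 115 blocks left
    PegUtxo("utxo-c", 3.0, 636_000),     # age 500
]

if __name__ == "__main__":
    print(classify(SAMPLE_UTXOS, SAMPLE_TIP, margin=144))
    # Host threshold 3 blocks past the timelock (constructed mismatch) vs. before it.
    print(exposed_blocks(refresh_after=2018, blocks=5000))
    print(exposed_blocks(refresh_after=2000, blocks=5000))
```

A monitor built on `classify` would alert on any non-empty "exposed" list, since a correctly configured refresh threshold keeps that list empty.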
Back said that such a problem had previously happened only with small transactions. But due to the rapid growth of the Liquid Network from 100 BTC in December last year to more than 2,000 BTC now, an error occurred on a major transaction.
Adam Back assured that all 870 BTC and the other funds on the network were and remain safe: backup keys were not used to fix the problem, and the time limits were updated by the network without any manual intervention. In addition, the error only opens the possibility of internal theft by employees; it is impossible to steal coins "from the outside" in this way.
Blockstream works to fix the vulnerability
Back admitted that the project team had known about the vulnerability for 18 months, but that fixing it was delayed due to "external problems in coordinating updates on the functional servers serving the network". The developers decided not to report the problem publicly until it was fixed.
Back said that the company is working to solve the problem, and promised to fix the bug in the near future. However, this is a complex process. The developers updated the server software, but the software for the hardware security modules remains unchanged. These are physical devices geographically distributed across different countries, and coordinating their updates is difficult.
However, the code for updating them has already been submitted to the Liquid Technology Commission and will be launched after approval. The developers are also working on the phased deployment of "dynamic update" (DynaFed), which should significantly change the protocol and make it more reliable. In comments to CoinDesk, Blockstream Marketing Director Neil Woodfine clarified that these updates should be implemented by the fourth quarter of 2020.
Why the crypto community does not trust Liquid Network
Blockstream makes a huge contribution to the development of the Bitcoin infrastructure. Among its products:
Lightning Network - a second-level protocol for micropayments outside the main Bitcoin blockchain;
Blockstream Satellite - a satellite network broadcasting the Bitcoin blockchain;
Blockstream Green - a secure Bitcoin wallet;
Blockstream Explorer - a Bitcoin network block browser compatible with the Liquid Network;
Elements - a Bitcoin platform that allows you to perform operations with various types of assets;
Blockstream Mining - a service for corporate miners;
Cryptocurrency Data Feed - an information service that tracks 400 trading pairs and market conditions.
Despite this, Blockstream and the Liquid Network have an ambiguous reputation in the crypto community, especially among bitcoin owners: the company is reproached for wanting to monopolize the infrastructure, and the Liquid Network for excessive centralization and opacity.
Liquid Network is a private network based on trusted functionaries. By keeping BTC outside the main Bitcoin blockchain, the company gains significant control over users' funds. It seems that these bitcoins belong mainly to exchanges and traders, but in fact they are the coins of ordinary holders of the first cryptocurrency. The centralized security model contradicts the decentralized principle embodied in Bitcoin and makes Blockstream little different from traditional payment systems like SWIFT or PayPal.
Blockstream itself has a tarnished reputation. The company was caught in hacking and vote manipulation on Reddit with the direct participation of former technical director Gregory Maxwell and in working with former intelligence agents, and was also accused of trying to cash in on patents on SegWit.
In addition, a number of Liquid Network partners also have a certain notoriety and repeated hacks to their name. For example, iFinex, the company behind Bitfinex, constantly raises questions both from the crypto community and from law enforcement agencies: it has already been accused of deceiving customers and using the dollar reserves of the Tether stablecoin, as well as of price manipulation. Allegations of fraud, market manipulation and money laundering have also been made against BitMEX. The security concept of Liquid Network implies that users should entrust their money to these organizations.
The incident with the 870 BTC, although it ended well, clearly works against the Liquid Network and Blockstream. The company knew about the problem for a year and a half, but in all that time did not find the resources to fix it and did not even notify the community.