How did Liquid Network's control of 870 BTC cast doubt on Blockstream's reputation?


Due to a bug in Blockstream's Liquid Network sidechain solution, its employees had access to other people's funds for 18 month...

Due to a bug in Blockstream's Liquid Network sidechain solution, its employees had access to other people's funds for 18 months. Management was aware of the problem but did not report it. On June 25, the vulnerability was accidentally discovered by blockchain developer James Prestwich, who noticed that Liquid Network operators had access to 870 BTC frozen on the network. In this situation, the crypto community accuses Blockstream of being too centralized and possible fraud. The company's management says the funds were safe, no satoshi was stolen and the bug will be fixed soon. What is the reason for the vulnerability, why Blockstream was in no hurry to fix it and how much the company's reputation was damaged, we understand the material.

How the Liquid Network protocol works

To better understand what happened, let's briefly recall how the Liquid Network protocol works.
Liquid Network is a private, centralized sidechain of the Bitcoin blockchain that acts as a settlement and payment network for exchanges, traders, market makers and brokers. Liquid Network is developed and controlled by the Canadian company Blockstream and was launched for mainstream use in October 2018.
Liquid Network has 44 partners in total, including Atlantic Financial, OKCoin, Xapo, Bitfinex, Bitmax, BitME, BitMEX, Ledger, Tether, and Xapo among others. Since March of this year, the protocol has  overtaken  another Blockstream product in terms of the number of circulating bitcoins - a second-level Lightning Network solution. On the day the article was published, 2161 BTC  were blocked on the Liquid Network  - about $ 19.7 million.
Liquid Network is a separate additional blockchain built on top of the main Bitcoin network. It allows you to make instant transactions in large volumes, while maintaining confidentiality and keeping funds off the exchange.
Transactions are made using Liquid Bitcoin (L-BTC), special tokens pegged to Bitcoin in a 1: 1 ratio. A Bitcoin mainnet user first sends coins to the outgoing address of the swap wallet, which acts as a bridge between the sidechain and the mainnet. In it, coins are “frozen” by a group of validators - this excludes the possibility of spending coins elsewhere. Validators also ensure that each BTC in the sidechain has a matching BTC frozen in the wallet. After that, the amount of L-BTC equivalent to the sent bitcoins is transferred to the sidechain, and when sending from the sidechain to the main blockchain, everything happens in the opposite order.

How James Prestwich found the missing 870 BTC

On June 25, blockchain developer and founder of Summa startup James Prestwich  noticed that Blockstream operators gained access to  870 BTC  (≈ $ 7.9 million), which were stuck in the queue for processing a transaction on June 11. This came as a surprise to the developer and the crypto community. It was assumed that such an opportunity would be used by Blockstream employees only as a last resort.
Bitcoins sent to the Liquid network as L-BTC are frozen in a multi-signature wallet. To unlock coins, you need to confirm the authenticity of the transaction 11 out of 15 key holders (controlling nodes), selected at random.
An important condition,  spelled out  in the technical documentation of Liquid Network, is that if 30% of the nodes leave the network, for example, in a hacker attack, the funds held will be blocked forever. To prevent this from happening, all funds held by the Liquid Network are also available via a set of three emergency keys.
The emergency mechanism is triggered every time the processing of one transaction exceeds 2015 blocks - approximately 14 days. On June 25, that is, two weeks from June 11, the waiting period for confirmation of a transaction with 870 BTC expired. In order not to lose funds, 870 MTC within half an hour were available for spending by the emergency operators of Blockstream. However, they transferred them to a new unspent transaction output (UTXO), which allowed them to reset the emergency smart contract counter and not lose funds forever.
“It looks like Liquid's emergency operators, using two of the three keys, could steal 870 BTC as the confirmation of this transaction exceeded 2015 blocks,” James Prestwich tweeted.
Prestwich states that he discovered Blockstream's activities entirely by accident. On Twitter, he asked, “ How often could this have happened before? ”And accused the company of violating the security model. He also raised the issue that the protocol code "is not completely open source, so we cannot verify how it works ."
A few hours later, the  head of Blockstream, Adam Back, responded to Prestwich's message  , saying that the company is aware of the problem and is working on solving it. The message did not reassure the crypto community - it turns out that emergency operators of the Liquid Network gain access to users' funds every two weeks. And if the developers were silent about this vulnerability, then what other problems did they not talk about? The comments went as far as accusations that Liquid Network is not a real sidechain.
“We are aware of this problem. Coins are automatically moved further as part of the HSM [Hardware Security Modules] binding process. All funds are safe as the keys are offline and geographically distributed. We planned to fix the problem by updating the HSM, which is done manually for security purposes, but the quarantine due to COVID-19 made it difficult for us to do this, ”said Adam Back to Prestwich.

Blockstream explained the incident

On June 29, Blockstream CEO Adam Back  published an  official clarification of the incident, in which he explained in more detail the mechanism of the vulnerability. The problem was caused by a mismatch between the timing settings used by the host server running the protocol and the hardware security modules (HSMs) that store the emergency keys, he said. The error caused the reset of the temporary counter to occur after its expiration, and not "before", as was necessary.
Beck clarified that this problem had previously only happened with small transactions. But due to the rapid growth of the Liquid Network from 100 BTC in December last year to more than 2000 BTC now, an error occurred on a large transaction.
The growth of the number of BTC in the Liquid Network. Source .
Adam Back assured that all 870 BTC and other funds on the network were and remain safe - backup keys are not used in fixing the problem, and the time limits were updated by the network without any manual intervention. In addition, the error only opens up the possibility of internal theft by employees - it is impossible to steal coins "from the outside" in this way.

Blockstream is working to fix the vulnerability

Back admitted that the project team had been aware of the vulnerability for 18 months, but its fix was  delayed  due to " external problems in coordinating updates on functional servers serving the network ." The developers decided not to publicly disclose the problem until it is fixed.
Back revealed that the company is working on a solution to the problem and promised to fix the bug shortly. However, this is a complex process. The developers have updated the software of the servers, but the software of the hardware security modules has remained unchanged so far. These are physical devices geographically distributed across different countries, and coordinating their updates is difficult.
However, the code for their update has already been  submitted  to the Liquid Technology Commission and will be launched after approval. The developers are also working on a phased deployment of "dynamic update" (DynaFed), which should significantly change the protocol and make it more reliable. In comments to CoinDesk, Blockstream CMO Neil Woodfine clarified that these updates should be rolled  out by the fourth quarter of 2020.

Why the crypto community doesn't trust Liquid Network

Blockstream makes a huge contribution to the development of Bitcoin infrastructure. Among her products:
  • Lightning Network - a second layer protocol for conducting micropayments outside the main bitcoin blockchain;
  • Blockstream Satellite - a satellite network that broadcasts the Bitcoin blockchain;
  • Blockstream Green is a secure bitcoin wallet;
  • Blockstream Explorer - Liquid Network-compatible Bitcoin block explorer
  • The Elements project is a bitcoin platform that allows you to perform transactions with various types of assets;
  • Blockstream Mining is a service for corporate miners;
  • Cryptocurrency Data Feed is an information service that tracks 400 trading pairs and market conditions.
But despite this, Blockstream and Liquid Network enjoy an ambiguous  reputation  among the crypto community, especially among bitcoin owners: the company is reproached for its desire to monopolize the infrastructure, and the Liquid Network is accused of being too centralized and opaque.
The Liquid Network is a private network backed by trusted officials. By keeping the BTC outside the main Bitcoin blockchain, the company gains significant control over users' funds. It seems that these bitcoins belong mainly to exchanges and traders, but in fact they are coins of ordinary holders of the first cryptocurrency. The centralized security model contradicts the decentralized principle inherent in Bitcoin, and makes Blockstream little different from traditional payment systems like SWIFT or PayPal.
Blockstream itself has a tarnished reputation. The company was  caught  hacking and manipulating the vote on Reddit with the direct  involvement of  former CTO Gregory Maxwell,  working  with former intelligence officers, and also  accused  of trying to cash in on patents on SegWit.
In addition, a number of Liquid Network partners also have a certain fame and repeated cases of hacks on their account. So, the issuer of Bitfinex, iFinex, constantly faces questions from both the crypto community and law enforcement agencies - she is already accused of deceiving customers and using the dollar reserves of the Tether stablecoin, as well as manipulating prices. Against BitMex also  put forward  allegations of fraud, market manipulation and money laundering. The Liquid Network's security concept assumes that these are the organizations that network users should trust with their money.
“This is what happens when you use a closed system that requires you to trust someone. It worked this time, but history teaches us that as they grow, such systems work for the benefit of the user less and less. Let's call it the privilege of centralized control, "Twitter user @name_elsewhere summed up the incident with 870 BTC.
Although the incident with 870 BTC ended well, it clearly plays against Liquid Network and Blockstream. The company knew about the problem for a year and a half, but during all this time it did not find the resources to fix it and did not even notify the community.

Cryptocurrency Magazine - Crypto Market Updates: How did Liquid Network's control of 870 BTC cast doubt on Blockstream's reputation?
How did Liquid Network's control of 870 BTC cast doubt on Blockstream's reputation?
Cryptocurrency Magazine - Crypto Market Updates
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content