Bitcoin developer and founder of Summa, James Prestwich, discovered a security vulnerability in the Liquid Network, but it seems that the company developing this network, Blockstream, was already aware of said vulnerability. 

James Prestwich, a Bitcoin developer and founder of Summa One, a blockchain interoperability (cross-chain) company, stated that Blockstream deliberately included the vulnerability in the Liquid Network.

On his official Twitter account, the developer pointed out that Blockstream had written the error into the network's code. He further accused employees of being aware of this flaw and completely ignoring it, as this vulnerability gave them the opportunity to steal hundreds of BTC from the network. 

Like Prestwich, several members of the crypto community voiced their complaints through the media and social networks, further stating that the security vulnerability found in the Liquid Network allowed the theft of approximately 1,800 BTC, which, at the price of Bitcoin on the date of this publication, exceeds 15 million euros.

The CEO of Blockstream, Adam Back, stated that none of the BTC held in the Liquid Network were affected for the duration of the vulnerability, which is estimated to exceed 18 months.

Controversy around Blockstream 

Since James Prestwich's accusations, the crypto community has been active on social media discussing Blockstream's actions. Many community members expressed their discontent with the company's actions, while many others came to Blockstream's defense.

Meanwhile, Adam Back, CEO of Blockstream, responded to one of Prestwich's tweets, arguing that although the vulnerability in the network was known to them, the funds within Liquid remain safe since the private keys are disconnected and geographically distributed.

Similarly, Back argued that Blockstream planned to fix the detected vulnerability through an HSM (Hardware Security Module) hardware update, but that the COVID-19 pandemic made this task difficult to carry out, since it had to be done manually.

Likewise, Back published an article in which he points out that the Liquid Federation is working on developing a fix for the vulnerability. Recall that Liquid Network is a sidechain designed to operate with Bitcoin, allowing much faster transactions with the cryptocurrency through its token L-BTC, which operates in a 1:1 ratio with BTC.

Liquid Federation Members

Liquid Network has a total of 44 organizations that make up the Liquid Federation and are in charge of monitoring the funds managed within the network. Among these companies and organizations are Bitso, Ledger, Hayi, Poole's and many more.

Of all the members of the Liquid Federation, 15 organizations control and custody the funds in the network, of which only 11 are required to manage the funds available in the network's wallet. Likewise, Liquid's multi-signature scheme has 3 main validator keys in case the rest of the 15 validators are not available at a given time; of these 3 keys, only 2 are needed to recover the funds in case of an emergency. Blockstream states that these emergency primary keys are offline and geographically distributed around the world.

Security vulnerability in Liquid Network

Back pointed out that the vulnerability present in the network protocol is due to an inconsistency in the timelock parameters, which allows locks to be updated after they expire rather than before, preventing data from synchronizing.

“The current issue is caused by an inconsistency between the time-locking parameters used by the functional HSMs and the functional servers. Due to this bug, some time locks are occasionally updated shortly after expiration, instead of before expiration as designed.”

Back then pointed out that due to this vulnerability a total of 870 BTC remained exposed for a period of 40 minutes, but that fortunately the funds were not affected, since it is not an external attack but rather a vulnerability that can be used only by Blockstream employees. 

Likewise, Back pointed out that due to the growing volume of Bitcoin operations that currently occur within Liquid, the vulnerability gained greater importance, so they are working on its prompt solution. 
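The failure mode Back describes, a time lock refreshed after expiry instead of before, can be checked for with a simple audit of lock heights. The following Python code is an added example, not code from the article or from Blockstream; it assumes that an expired time lock lets the 2-of-3 emergency keys spend a coin and that locks are counted in blocks from the coin's confirmation, and the timelock length, safety margin, heights and amounts are constructed values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Utxo:
    label: str                              # constructed label, not a real txid
    value_btc: float
    confirmed_height: int                   # block in which the coin was locked
    refreshed_height: Optional[int] = None  # block of the re-lock; None = unspent

def classify(u: Utxo, tip: int, timelock: int, margin: int):
    """Return (state, blocks) for one coin at chain height `tip`."""
    expiry = u.confirmed_height + timelock  # first height the fallback path is valid
    end = tip if u.refreshed_height is None else u.refreshed_height
    if end >= expiry:                       # refreshed late, or unspent past expiry
        return "EXPOSED", end - expiry
    if u.refreshed_height is None and expiry - tip <= margin:
        return "REFRESH_DUE", expiry - tip  # still safe, but inside the safety margin
    return "OK", expiry - end

def audit(utxos, tip, timelock, margin):
    """Group coins by state so late refreshes and upcoming expiries stand out."""
    report = {"EXPOSED": [], "REFRESH_DUE": [], "OK": []}
    for u in utxos:
        state, blocks = classify(u, tip, timelock, margin)
        report[state].append((u.label, u.value_btc, blocks))
    return report

def exposed_btc(report):
    """Total value that was, or still is, spendable through the fallback path."""
    return sum(value for _, value, _ in report["EXPOSED"])

# Constructed sample data: heights, amounts and parameters are illustrative only.
TIMELOCK, MARGIN, TIP = 1000, 100, 5000
SAMPLE = [
    Utxo("a", 40.0, 3900, refreshed_height=4850),  # refreshed 50 blocks early
    Utxo("b", 12.5, 3950, refreshed_height=4954),  # refreshed 4 blocks late
    Utxo("c", 7.0, 4050),                          # unspent, expires in 50 blocks
    Utxo("d", 20.0, 4500),                         # unspent, expires in 500 blocks
    Utxo("e", 3.0, 3990),                          # unspent, expired 10 blocks ago
]

if __name__ == "__main__":
    rep = audit(SAMPLE, TIP, TIMELOCK, MARGIN)
    for state, rows in rep.items():
        for label, value, blocks in rows:
            print(f"{state:12} {label} {value:>6} BTC  blocks={blocks}")
    print("BTC exposed to the fallback path:", exposed_btc(rep))
```

Coin "b" shows why both sides must agree on the timelock parameter: a refresh scheduled against a longer lock than the one actually enforced lands a few blocks late, and the coin sits under the weaker 2-of-3 condition until the refresh confirms.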

This event, although it did not end in the theft of any of Liquid's funds, is a clear reminder to all users who wish to keep their BTC and other cryptocurrencies stored safely to do so through a non-custodial wallet instead of using trusted (custodial) services.