THELOGICALINDIAN - A longstanding bug in Blockstream's Liquid Network could have allowed for internal theft, jeopardizing millions in Bitcoin
Blockstream's Liquid Network contained a vulnerability until today that could have allowed millions in BTC to get stolen. The bug was found by James Prestwich, a Bitcoin developer and founder of the crypto startup Summa One.
How the Bug Works
The security vulnerability affected an important account on the Liquid Network due to inconsistent timelocks.
That discrepancy could have allowed Bitcoin to be withdrawn through an emergency recovery process that requires 2 of 3 keyholders to sign a transaction. This bug would bypass the proper multisig process, which requires 11 of 15 keyholders to sign a transaction.
According to Prestwich, the vulnerable account controlled 870 BTC ($8 million) for over an hour this week. However, the bug could have compromised millions of dollars before the latest transaction: the potential exploit has existed for 18 months and affected more than 2,000 UTXOs.
Blockstream’s Response
Blockstream CEO Adam Back has responded and confirmed that the bug was a "known issue."
Back says that a complete fix has been underway for some time, but has been delayed for several reasons. He added that developers are currently working with the Liquid Federation to create and deploy a final patch. Right now, a workaround is in place that will solve the problem in a temporary and limited way.
Adam Back noted that Blockstream's handling of the situation "is not up to [its] usual standard of trust-minimization." To Blockstream's credit, no funds have actually been stolen. Furthermore, the bug only opens the possibility of internal theft by employees, not an outside attack.
Why Blockstream Is Controversial
Blockstream and the Liquid Network are somewhat controversial among the crypto community, especially among the Bitcoin community.
While Blockstream funds development of Bitcoin itself, the company's Liquid Network is a federated sidechain that stores BTC outside of the main Bitcoin blockchain. That means that the company maintains significant control over the funds of users who trust it, typically enterprises and exchanges that rely on it for transfers and settlement.
Liquid's bug is unlikely to affect regular crypto holders. Regardless, the news is a reminder that investors who wish to maintain maximum control over their Bitcoin should do so by holding it in their own non-custodial wallet.