Blockstream Bug Opened Liquid Network to $16 Million Bitcoin Theft

Blockstream Bug Opened Liquid Network to $16 Million Bitcoin Theft

Key Takeaways

  • A bug in Blockstream’s Liquid Network may have allowed workers to steal Bitcoin with minimal authorization
  • Blockstream has carried out a workaround and is at present growing a everlasting resolution
  • No funds have truly been stolen throughout the 18 months that the account was compromised

Share this text

Blockstream’s Liquid Network contained a vulnerability till at present that might have allowed thousands and thousands in BTC to get stolen. The bug was disclosed by James Prestwich, a Bitcoin developer and founding father of the crypto startup Summa One.

How the Bug Works

The safety vulnerability affected a vital account on the Liquid Network due to inconsistent timelocks.

That inconsistency may have allowed workers to withdraw Bitcoin from by an emergency restoration course of that requires 2 of three keyholders to signal a transaction. This bug would bypass the correct multisig course of, which requires 11 of 15 keyholders to signal a transaction.

According to Prestwitch, the susceptible account managed 870 BTC ($eight million) for over an hour this week. However, the bug may have compromised thousands and thousands of {dollars} earlier than the final transaction: the potential exploit has existed for 18 months and affected greater than 2,000 UTXOs.

Blockstream’s Response

Blockstream CEO Adam Back has responded and admitted that the bug was a “known issue.”

Back says {that a} full repair has been underway for a while, however has been delayed for a number of causes. He added that builders are at present working with the Liquid Federation to create and deploy a last patch. Right now, a workaround is in place that may resolve the issue in a short lived and restricted manner.

Cred - earn easier

Adam Back famous that Blockstream’s dealing with of the scenario “is not up to [its] usual standard of trust-minimization.” To Blockstream’s credit score, no funds have truly been stolen. Furthermore, the bug solely opens the opportunity of inside theft by workers—not an outdoor assault.

Why Blockstream Is Controversial

Blockstream and the Liquid Network are considerably controversial among the many crypto group, particularly among the many Bitcoin group.

While Blockstream funds improvement of Bitcoin itself, the corporate’s Liquid Network is a federated sidechain that shops BTC outdoors of the primary Bitcoin blockchain. That implies that the corporate maintains vital management over the funds of customers who belief it—usually enterprises and exchanges that depend on it for transfers and settlement.

Liquid’s bug is unlikely to have an effect on normal crypto holders. Regardless, the information is a reminder that traders who want to keep most management over their Bitcoin ought to achieve this by holding it in their very own non-custodial pockets.

Share this text

Be the first to comment

Leave a Reply

Your email address will not be published.


*