There was a security breach on Liquid’s sidechain …

There was a security breach on the Liquid sidechain when moving bitcoins worth $ 8 million

Bitcoins on the Liquid Network sidechain have become temporarily available for withdrawal by the Blockstream company that created it, writes Cointelegraph with reference to the founder of Summa startup James Prestwich.

According to Prestwich, Liquid’s transactions are set up so that after 2,015 blocks, or approximately two weeks in processing, control of the assets is transferred to a contract that requires 2 of 3 signatures to be sent instead of the standard 11 of 15. Transfer of control is a documented possibility. Liquid Network, it should only be used in extreme cases, for example, when most of the signatures are unavailable on the network.

As the developer found out, 870 bitcoins worth about $ 8 million were stuck in the queue and awaited processing from June 11. As a result, the waiting period expired, and these bitcoins were available for use by Blockstream in three blocks, or for about 30 minutes. The assets were subsequently tied to a new unspent transaction output, allowing the counter to be reset.

“This was not a normal operation. If someone says so, he is delusional. This directly contradicts their documentation and public statements, “Prestwich commented..

There was a security breach on Liquid's sidechain ...

Blockstream Marketing Director Neil Woodfine admitted to having an issue caused by a “mismatch in the temporary locks of the hardware security modules.” He also noted that usually the problem involved small amounts, but the growth of the Liquid Network led to the fact that a fairly large transaction was included in this number. In fact, the assets were not at risk, Woodfine said, as the requirement for 2 out of 3 signatures remained. In the near future, the company will try to fix the problem with a software solution, since it is very difficult to fix it in the hardware module itself..

Prestwich added that Blockstream does not openly share the entire code of the Liquid Network, so it is impossible to fully establish the circumstances of the incident..

There was a security breach on Liquid's sidechain ...