Bitcoin: Liquid Operators Move 870 BTC Without Permission

Bitcoin has long been criticized for the low number of transactions the network can process in a given time. To overcome this problem, various solutions have been created, including Liquid. Unfortunately, the centralization of the sidechain created by Blockstream seems to pose problems.

Liquid Network

As we saw in the introduction, the Liquid Network is the response imagined by Blockstream to the scalability problem of Bitcoin. Indeed, the Bitcoin network can only process a limited number of transactions per second. What is more, in times of high usage, transaction costs can reach exorbitant amounts.

Thus, Liquid is a sidechain. A sidechain is a blockchain that exists in parallel with another blockchain, in our case in parallel with Bitcoin. Users can transfer BTC there, which is converted to Liquid BTC (L-BTC) at a rate of 1:1. These L-BTC can then be exchanged or transferred on the Liquid blockchain without overloading the Bitcoin blockchain.

Unlike Bitcoin, this sidechain is not secured by miners, but by trusted operators. This design has led to a lot of criticism of the centralization of the network.

The exposed model

On Friday night, developer James Prestwich posted a Twitter thread regarding a surprising event on the Liquid network.

According to the thread, operators of the Liquid network allegedly "stole" 870 BTC ($8 million), since the transaction was 2015 blocks old.

"For just under an hour, the emergency 2-of-3 controlled 870 Bitcoin. This violates liquid's security model. We know about this because liquid holds Bitcoin," said Prestwich on Twitter.

As a reminder, the "2-of-3" refers to the 2 keys among the 3 belonging to the operators that are necessary to sign a transaction deemed an "emergency" for the network.

Unfortunately – and this is due to the design of Liquid – it is impossible to know the reasons for this "seizure":

"We don't know what caused it, because liquid federation behavior is trusted and closed," he added.

Obviously, the reactions were not long in coming. Adam Back said this was a known problem, but not resolved due to the COVID-19 crisis:

"This is a known issue. The coins are auto-swept forward as part of the HSM peg process. Funds are safe as keys are offline and geo-distributed. We were planning to address via HSM upgrade, which is a manual hands on process for security, but covid lock-downs made that difficult," he replied.

Whether or not the "flaw" is known, this does not change the criticisms of the Liquid network. Long presented as a "trustless" network, Liquid could in truth be quite different: operators can access funds as they see fit. This is bad news for the sidechain, which is similar to the Lightning Network.