A bug in Blockstream’s Liquid Network could allow employees to steal Bitcoin with minimal authorization
Blockstream, the developer of Blockchain solutions for Bitcoin transactions operator of Liquid Network, generated some controversy in the main social networks after allegations that a security flaw in its network, which allegedly allowed its employees to steal BTC funds irregularly.
A bug in Blockstream’s Liquid Network could allow employees to steal Bitcoin
Several people reported this through the social network Twitter, who stated that this vulnerability in Liquid led to the alleged theft of some BTC 1,800 (estimated at $16.5 million), ensuring in turn that the company knew this gap. Still, there was no will on the part of the developers to implement the necessary changes.
Vulnerability discovered in Liquid allowing blockstream employees to steal bitcoin. 1800 BTC were affected, bug known to blockstream but never fixed. https://t.co/NdWmtM4Htl
— Coincocoon (@coincocoon) June 29, 2020
However, space, where these incidents associated with Blockstream and Liquid lent themselves to further debate, was on the Reddit social network, since on the r / CryptoCurrency channel, several people shared their opinion in favor and/or against the events.
Among the comments criticizing the alleged events, strong points stand out about the fact that Blockstream had a long-standing knowledge of this vulnerability. For example, there are user comments under the pseudonym “Reasonandmadness”:
“If something like this is known (A glitch), but it is never fixed, and users are not warned when they connect to the network, then it is a scam, a fraudulent scheme. There are no other ways to do it. They are intentionally ripping people off.”
For their part, other people also took the opportunity to question the criticism, assuring that it would be very risky for the company to turn a blind eye to a problem of this magnitude. In this regard, the user ” SnowBastardThrowaway” writes:
“Intentionally defrauding people of what exactly? No coins have been stolen with this vulnerability that we know of. If any BTC is stolen with this exploit, Blockstream almost certainly loses more than it earns in that process.”
Blockstream’s official response
Due to the commotion that this generated in the aforementioned social networks, the Blockstream team published an official statement yesterday through its Medium account, in which it offered the community more details regarding what happened.
There, the team assured that the problem in the Liquid network was reported by the developer James Prestwich last Friday, June 26, of which the team already had the knowledge and for which they were preparing a solution whose implementation was delayed due to external problems in the servers that support the Blockchain.
In this regard, the company ruled out that the funds were stolen and guaranteed that they are entirely safe. However, it acknowledged that they are not very happy since what happened is not up to the standards managed by Blockstream in terms of security, so who are working to implement an update shortly to solve these problems.
After briefly describing the operating model that guarantees the security of the assets in Liquid, the team ensured that the security breach was generated by an inconsistency between particular time blocking parameters, which affected the synchronization of the data.
Although this drawback had not been a problem of care in the past, this gap became much more relevant due to the increasing volume of operations with Bitcoin, which amounted to more than 2,000 BTC managed within the network.
And the apologies to the community
Finally, after presenting some technical specifications on the changes they plan to implement, the company’s managers apologized for the inconveniences generated, especially on how they handled the information with the interested public.
In this regard, Blockstream wrote:
“We will work with the Liquid Federation to improve the way important announcements are made about the network so that we will give more responsibility to the respective members.”
Lastly, the company indicated that for the next security, they would be launching a Help Center in which they will have clear information, associated with the operation of Liquid Network and the security model used.
- AugurV2 Will Be Launched On The Ethereum Mainnet On July 28, 2020
- Binance Is Finalizing A Deal To Acquire A Majority Stake In Crypto Startup Swipe.Io