Blockstream’s Liquid Network Could be Susceptible to Hardware Vulnerabilities
Bitcoin technology company Blockstream has conceded its flagship Liquid Network could be susceptible to hardware vulnerabilities. Following recent disclosures that certain Chinese-manufactured motherboards include backdoors, Blockstream has authored a post conceding that such an exploit could allow an attacker to infiltrate their off-chain bitcoin transfer system.
Hardware Vulnerability Exposes New Risk Posed by Centralization
“During the Liquid functionary server design process, we knew that the threat of compromised hardware was a legitimate concern.” In designing Liquid, a commercial second-layer Bitcoin solution, the controversial company has had to assemble components that include a proprietary key module connected to a server. Should the private key data be leaked, potentially through a backdoored computer chip, huge losses could be incurred.
Once fully operational, Liquid will be responsible for funneling huge amounts of BTC between cryptocurrency exchanges. Such transfers have always been performed on-chain, but the introduction of Blockstream’s own network could unwittingly expose the bitcoin ecosystem to a new attack vector. While such an attack would require sophistication to pull off, the rewards of successfully infiltrating the Liquid Network, such as through a hardware backdoor, could incentivize state-sponsored hackers to attempt such a feat. The company conceded: “While there is no indication that our motherboards were compromised, we cannot rule out this possibility.”
Blockstream Initiates Third Party Security Audit
Blockstream is to commission a security audit of its hardware modules to determine whether they are at risk from the so-called Supermicro vulnerability that has exposed around 30 US companies, including Apple and Amazon, to Chinese spies. “Moving forward, we are continuing our risk mitigation strategy for hardware threats through a variety of techniques, including increasing our supplier diversity so that no single compromised vendor would adversely affect the Liquid Network. We will ship a sample of our motherboards to a third-party security company for extensive examination.”
Blockstream finished by asserting: “We believe that the Supermicro vulnerability, if independently confirmed and if present on our servers, is mitigated by other aspects of the Liquid security design.” Bitcoin was initially designed so that all transactions should be performed on-chain, making them fully auditable on a public ledger, with the transparency this provided ensuring complete accountability for counterparties. While the company has every incentive to rigorously screen its hardware for threats and to take robust measures to mitigate these, the mere possibility of Bitcoin being compromised in such a fashion is a cause for concern.
Such a provision could be beneficial for participants, but a fatal hardware flaw could have ramifications that affect the entire Liquid ecosystem. With Blockstream exerting sole control over the project, its centralized nature makes the company a target for the same sort of backdoors which have afflicted some of America’s largest tech companies. Having been under development since 2015, Liquid is a complex and as yet unproven technology.