Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Bitcoin’s Lightning Network Faces Existential Risk in “Flood and Loot” Attack

Bitcoin's Lightning Network Faces Existential Risk in "Flood and Loot" Attack

by

Two Bitcoin researchers have just proven that a previously well-known vulnerability on Bitcoin’s Lightning Network could earn hackers a pretty penny.

Bitcoin's lightning network capacity is decreasing

Key Takeaways

  • Only nodes that accept the attacker’s requests to open a new payment channel are vulnerable.
  • Prior to the publication of their research paper, 95% of LN nodes were willing to open channels with unknown nodes.
  • The research paper was shared with the main developers of three LN implementations before it was publicly available.

Share this article

Two cryptocurrency enthusiasts from the Hebrew University in Israel tested a known attack vector involving Hash Time-Locked Contracts on the Lightning Network. They concluded that attackers could use these vulnerabilities to perform profitable attacks on unsuspecting victims.

What Is the “Flood and Loot” Attack?

The researchers, Jona Harris and Aviv Zohar, note that these vulnerabilities are inherent to the way HTLCs work, and avoiding this attack is impossible. 

For the uninitiated, HTLCs are a form of cryptographic defense mechanism that lets payment receivers and senders eliminate counterparty risk while using the Lightning Network, or at least that was the original intent. 

The attack enables a malicious actor to siphon Bitcoin from many victims simultaneously by overloading their channels and the lightning network’s capacity. 

“We show that only 85 simultaneously attacked channels are enough to guarantee that the attacker gets away with some money,” said one of the researchers in a blog post.

The victim cannot defend itself against the attack either. The cost of failing the attack is negligible, as the attacker only spends the transaction fees and no other assets in the process.

The attacker starts by opening as many payment channels with victims and sends transactions to another node that the hacker owns. 

Then at a time when Bitcoin transaction fees are high, the attacker accepts the transactions on one end but doesn’t deliver the HTLC owed amount on the other, forcing the victim to go to the blockchain to collect his fair share.

However, because the Bitcoin blockchain is congested and the attacker can change the fees he pays for his transactions, he can outbid the victim in a race to claim the HTLC. 

If the attacker is successful, the blockchain treats the transaction as if it never happened, and returns all funds to the attacker.

The End of Bitcoin’s Lightning Network?

The researchers began studying this particular vulnerability after Bitcoin developer Matt Corallo discovered it on Apr. 21, 2020. Users on Twitter are expressing a mixture of disbelief, disappointment, theories on possible solutions, and accolades for the researchers. 

Solving this issue is vital for keeping the Bitcoin’s dreams of a speedy layer 2 solution alive.

Already, Ethereum is showing greater promise in this regard. As of last week, 10,000 synthetic BTC have merged into the growing DeFi space.

The future nonetheless looks bright for Bitcoin. Jona Harris told Crypto Briefing that: 

“I believe the Lightning Network is here to stay. The community is aware of it and continuously works on improving the protocol.”

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.