Lightning Developers Reveal Anatomy Of Network Bug
Some were more affected than others.
Share this article
Cryptography may be the foundation of a secure network, but human factors should never be underestimated. Bitcoin developers have finally revealed the details of a vulnerability in the Lightning Network, which was first discovered last this month.
As explained on a mailing list for Lightning developers, the issue was related to the process of opening a new payment channel. When a Lightning node accepts a new channel, it must first check that the funding transaction does actually open the proposed channel. Failure to do so means that an attacker can claim to open a channel while not paying the peer, or providing only part of the necessary sum.
Victims will only notice the loss of funds when they try to close the channel, only to find out that the resulting closing transactions are invalid.
Different Lightning clients were affected in different ways. C-lightning was affected the most, making it very easy to exploit prior to the fix in version 0.7.1. Other clients such as lnd and eclair required special circumstances to trigger the bug, with versions 0.7.1 and 0.3.1 respectively being fully immune.
Is Lightning Safe?
The bug was discovered by Blockstream engineer Rusty Russell, who found it while working for protocol tests on Lightning specification. Rusty immediately disclosed the problem to the authors of popular clients c-lightning, eclair and lnd, who conducted their own investigations on the matter.
While the issue was dealt with discreetly, there are confirmed reports of the bug being exploited in the wild. It’s not clear how many bitcoins, if any, were stolen in this manner.
Despite these troubles, a recent formal study of Lightning Network Protocol security has proven that the protocol is theoretically as secure as the Bitcoin Network itself. That’s good news for hodlers, as Bitcoin’s network security hits a new All Time High.
While the Lightning Network still faces many hurdles, the latest vulnerability does not seem to have exposed any critical vulnerabilities in Bitcoin’s scaling solution. The number of Lightning Nodes has recently crossed the 10,000 mark, according to 1ML.