Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » Lightning Developers Reveal Anatomy Of Network Bug

Lightning Developers Reveal Anatomy Of Network Bug

by

Some were more affected than others.

bitcoin developers reveal lightning bug

Share this article

Cryptography may be the foundation of a secure network, but human factors should never be underestimated. Bitcoin developers have finally revealed the details of a vulnerability in the Lightning Network, which was first discovered last this month.

As explained on a mailing list for Lightning developers,  the issue was related to the process of opening a new payment channel. When a Lightning node accepts a new channel, it must first check that the funding transaction does actually open the proposed channel. Failure to do so means that an attacker can claim to open a channel while not paying the peer, or providing only part of the necessary sum.

Victims will only notice the loss of funds when they try to close the channel, only to find out that the resulting closing transactions are invalid.

Different Lightning clients were affected in different ways. C-lightning was affected the most, making it very easy to exploit prior to the fix in version 0.7.1. Other clients such as lnd and eclair required special circumstances to trigger the bug, with versions 0.7.1 and 0.3.1 respectively being fully immune.

Is Lightning Safe?

The bug was discovered by Blockstream engineer Rusty Russell, who found it while working for protocol tests on Lightning specification. Rusty immediately disclosed the problem to the authors of popular clients c-lightning, eclair and lnd, who conducted their own investigations on the matter.

While the issue was dealt with discreetly, there are confirmed reports of the bug being exploited in the wild. It’s not clear how many bitcoins, if any, were stolen in this manner.

Despite these troubles, a recent formal study of Lightning Network Protocol security has proven that the protocol is theoretically as secure as the Bitcoin Network itself. That’s good news for hodlers, as Bitcoin’s network security hits a new All Time High.

Bitcoin hashrate all time high
Bitcoin Hashrate chart. Source: blockchain.info

While the Lightning Network still faces many hurdles, the latest vulnerability does not seem to have exposed any critical vulnerabilities in Bitcoin’s scaling solution. The number of Lightning Nodes has recently crossed the 10,000 mark, according to 1ML.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.