Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Second Vulnerability in Bitcoin’s Lightning Network Discovered

Second Vulnerability in Bitcoin's Lightning Network Discovered

by

The Lightning Network has suffered a second vulnerability in the span of one year.

Second Vulnerability in Bitcoin's Lightning Network Discovered
Shutterstock cover by Kevin Pitcel

Key Takeaways

  • Lightning developers have discovered a vulnerability in the project's node software.
  • The vulnerability does not seem to have been exploited yet.
  • More details will be revealed by developers in the coming weeks.

Share this article

Developers have found a new vulnerability in the Bitcoin Lightning Network’s node software, according to a recently published disclosure notice.

Few Details Have Been Revealed

Lightning developer Conner Fromknecht disclosed the issue on Oct. 9 on the project’s mailing lists. The disclosure advises node operators to upgrade their software as soon as possible.

It is not clear how serious the vulnerability is. The disclosure does not reveal how the potential exploit works, though it does suggest that the vulnerability has not been exploited “in the wild. Furthermore, the bug has already been fixed: version 0.11 of the Lightning Network software solves the problem and was released in late August, which means that many Lightning node operators have already installed the fix.

However, the team notes that the vulnerability was discovered in such a way that the disclosure process has been shortened. Full details about the bug will be released on Oct. 20.

Lightning Labs also says that it will begin a “comprehensive bug bounty program” in the near future, meaning that there will be monetary rewards for those who discover future bugs.

Lightning Network Security in Question

The Lightning Network is a still-developing layer-2 payment protocol that operates on top of Bitcoin, enabling faster and cheaper transactions on the network.

This is the second time a vulnerability has been discovered in Lightning’s node software. Last year, Bitcoin developer Rusty Russell found a separate vulnerability that allowed attackers to steal funds by sending invalid transactions. Though Lightning Labs never announced how many users fell victim to the exploit, the team confirmed that the vulnerability was indeed exploited “in the wild.”

Both of these bugs concern short-lived programming oversights, not security issues that are fundamental to the design of Lightning itself. Many see Lightning Network as the most promising way to speed up Bitcoin transactions and reduce transaction fees. Major crypto companies like Bitfinex and CoinGate have adopted the Lightning Network without any apparent issues.

On the other hand, Lightning Labs itself has stated that the project is in its “early stages” and has advised users not to “put more money on Lightning than [they are] willing to lose.” As such, it is not clear whether the Lightning Network is truly ready for prime time.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.