Developer reveals 'biggest unsolvable Lightning attack vector'

Published at: Sept. 23, 2020

Independent Bitcoin Lightning developer, Joost Jager, has outlined an exploit of the micro-payments network that could result in channels being compromised with very little effort and negligible cost.

However, he said he’s hard at work on a possible solution.

1/ Lightning is great, but can't say it is battle-tested. If script kids would be interested, they could take down those shiny new 5 BTC #wumbo channels with negligible cost and no effort at all. pic.twitter.com/9PTkxfF042

— Joost Jager (@joostjgr) September 22, 2020

Jager specifies that the attack could be carried out on wumbo channels, which essentially allow larger transactions between mutually agreeing parties on the Lightning network.

A wumbo channel removes the limit to the total amount of Bitcoin that can be held in a regular Lightning channel — which is around $1,760 worth at today’s prices. It also removes the approx. $450 limit to how large an individual payment can be.

Jager said the wumbo channels can be exploited because the channel cannot hold more than 483 hash and time-lock contracts (HTLCs) at any time regardless of its capacity. So a malicious actor sending 483 micro-payments to themselves, and holding on to the HTLCs is enough to incapacitate a channel for up to two weeks.

The developer demonstrated that this could be achieved by using the maximum route length to add loops and more contracts to quickly reach that total for just a small initial outlay, 5.8 million satoshis in this example.

If the script kid is lucky, they only need to send 54 payments to get it done. A single tiny channel takes double-digit amounts of Bitcoin out of business.

He added that he had started a new firewall for Lightning nodes project called Circuit Breaker to address this problem. When asked whether this 'griefing attack' is the biggest unsolved attack vector on LN today, he added;

That depends on how you define biggest. There are other attacks that can make you lose money which seems worse. But this one is one of the biggest in terms of not knowing how to solve it.

With wumbo channels a user can signal that they want to send more BTC than the regular limits and find a node that is willing to receive. Regular Lightning users sending micropayments will not be affected but it is a much better option for business and enterprise payments.

Wumbo channels are growing in adoption and Bitfinex has been the latest to announce support for them;

#Bitfinex brings the Wumbo channel support to its #LightningNodes, allowing you to deposit and withdraw large amounts of #Bitcoin quickly and cheaply⚡Find out all the possibilities that the Wumbo channels #LightningNetwork integration brings you⬇️https://t.co/NR47JZY0y7 pic.twitter.com/5lCXJeXtkB

— Bitfinex (@bitfinex) September 22, 2020

The word “wumbo” comes from a cartoon series called SpongeBob SquarePants, and refers to the idea that two parties need to agree to ‘wumbo’ together for the transaction to take place.

Tags
Related Posts
Bitcoin bulls make a run on $45K after Twitter debuts crypto tipping
Bullish optimism is on the rise across the cryptocurrency market on Sept. 23 as prices continue to recover from this week's volatility which was the result of regulatory pressure on the crypto sector, the Federal Open Market Committee meeting on the Fed's interest rate hikes and monetary policy, along with fears that the Evergrande situation would ripple out to impact global financial markets. Data from Cointelegraph Markets Pro and TradingView shows that after trading in a range between $43,000 and $44,300 during the early trading hours on Sept. 23, the price of Bitcoin (BTC) spiked above $44,800 in the early …
Bitcoin / Sept. 23, 2021
Major Asian Ticketing Agency Accepts Bitcoin on Lightning Network
Vietnamese online ticketing agency Future.Travel now accepts Bitcoin (BTC) payments via the Lightning Network (LN), with funds being converted into local currency at the time of sale. To enable LN-based Bitcoin payments, Future.Travel collaborated with Canada-based tech firm Neutronpay, which will provide Future.Travel its multi-currency merchant platform, according to an April 20 announcement. With the newly integrated option, the BTC transaction processing time will ostensibly be cut down to three to four seconds in most cases. Eliminating fraud, reducing transaction processing time Overall, Future.Travel has been supporting BTC payments for over six years and recently added other cryptocurrencies like Litecoin …
Adoption / April 20, 2020
Lightning Labs Launches Lightning Network Client for Main Bitcoin Network
Blockchain development company Lightning Labs announced that it released the first alpha version of its Lightning Network (LN) client for the main bitcoin (BTC) network, according to a blog post published on April 23. The announcement specifies that this is still an early version aimed at testers and developers willing to start experimenting with the software. The developers also warn that the users should not put more funds into the app than they are willing to lose. Furthermore, while the release supports macOS, Windows and Linux, the post also specifies that it is an important stepping stone in the development …
Blockchain / April 24, 2019
Shopify Bitcoin payments integration triggers legal questions from the community
Following the announced integration of the payment app Strike with e-commerce platform Shopify to accept Bitcoin (BTC) through the Lightning Network, the crypto community raised concerns over the legal implications of the move. Crypto researcher Matt Ahlborg believes that the event is a very significant development for BTC as it allows the offloading of BTC without the need to go through the know-your-customer (KYC) process. What Jack Mallers is really saying is that you will be soon be able to offload your Bitcoins in the real world without KYC'ing through an exchange first. If this is true, it is actually …
Adoption / April 8, 2022
The Lightning Network Lunch: A Bitcoin contactless payment story
The Lightning Network (LN) just got a bit faster, as the suitably named Bolt Card now enables Bitcoin (BTC) enthusiasts to pay for goods and services using contactless technology. A data analyst at the company behind the card, CoinCorner, took the Bolt card on a trial run on the Isle of Man, a British Crown dependency in the Irish Sea. “MSW” — as he is known — tapped to pay at more than eight point-of-sale (PoS) devices during his lunchtime investigation. It worked like this: For any PoS device showing a Lightning invoice, MSW simply hovered the NFC-enabled Bolt Card …
Adoption / May 18, 2022