Bitcoin’s LN Developer Discloses the Network’s Vulnerability

Published at: Sept. 28, 2019

Bitcoin’s (BTC) Lightning Network (LN) developer Rusty Russell has published the full disclosure of the network’s vulnerability discovered in August, accompanied by a solution.

Russell pointed out that the vulnerability arises when a funding channel is opened: the described process does not require the receiver to check that the funding transaction is the one promised by the funder, in terms of both the amount and the actual scriptpubkey.

A scriptpubkey is the script on a transaction output that sets the conditions a receiver must meet to spend their bitcoins. The disclosure explains:

“A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”

A possible solution

Russell also proposed a solution to the aforementioned problem. Once the funding transaction is seen, peers “must check that the outpoint as described in `funding_created`[1] is a funding transaction output[2] with the amount described in `open_channel`[3].”

The disclosure also notes that c-lightning versions 0.7.1 and above perform the check correctly, and urges users to upgrade older versions of their Lightning nodes.
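The check quoted above, sketched as an added example (this is not code from the disclosure or from any Lightning implementation). It assumes the node has already fetched the outputs of the transaction named in `funding_created`; the 2-of-2 script layout and the field names `funding_satoshis` and the output index come from the Lightning specification rather than from this article, and all keys and transactions are constructed placeholders.

```python
import hashlib
from typing import List, Tuple

def funding_script_pubkey(pubkey_a: bytes, pubkey_b: bytes) -> bytes:
    """scriptpubkey of the 2-of-2 channel funding output (P2WSH)."""
    if len(pubkey_a) != 33 or len(pubkey_b) != 33:
        raise ValueError("funding pubkeys must be 33-byte compressed keys")
    k1, k2 = sorted((pubkey_a, pubkey_b))  # lexicographic order, per BOLT 3
    # Witness script: OP_2 <k1> <k2> OP_2 OP_CHECKMULTISIG
    witness_script = b"\x52\x21" + k1 + b"\x21" + k2 + b"\x52\xae"
    # P2WSH: OP_0 <32-byte SHA256 of the witness script>
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()

def check_funding_output(outputs: List[Tuple[int, bytes]], output_index: int,
                         funding_satoshis: int, local_pubkey: bytes,
                         remote_pubkey: bytes) -> Tuple[bool, str]:
    """outputs: (value_sat, scriptpubkey) pairs of the confirmed transaction."""
    if not 0 <= output_index < len(outputs):
        return False, "output index from funding_created does not exist"
    value_sat, script_pubkey = outputs[output_index]
    if script_pubkey != funding_script_pubkey(local_pubkey, remote_pubkey):
        return False, "output does not pay to the channel's 2-of-2 script"
    if value_sat != funding_satoshis:
        return False, "output amount differs from open_channel"
    return True, "ok"

# Constructed sample data: placeholder byte strings, not real keys or transactions.
LOCAL_KEY = b"\x02" + b"\x11" * 32
REMOTE_KEY = b"\x03" + b"\x22" * 32
PROMISED_SAT = 500_000                      # amount announced in open_channel
CHANNEL_SPK = funding_script_pubkey(LOCAL_KEY, REMOTE_KEY)
OTHER_SPK = b"\x00\x14" + b"\x33" * 20      # an output that pays elsewhere

HONEST_TX = [(120_000, OTHER_SPK), (PROMISED_SAT, CHANNEL_SPK)]
UNDERFUNDED_TX = [(120_000, OTHER_SPK), (1_000, CHANNEL_SPK)]
NOT_PAID_TX = [(120_000, OTHER_SPK), (PROMISED_SAT, OTHER_SPK)]

if __name__ == "__main__":
    for name, tx in [("honest", HONEST_TX), ("underfunded", UNDERFUNDED_TX),
                     ("not paid", NOT_PAID_TX)]:
        print(name, check_funding_output(tx, 1, PROMISED_SAT, LOCAL_KEY, REMOTE_KEY))
```

The two rejected cases correspond to the two failures named in the disclosure: a funding output that does not pay to the peer, and one that does not pay the full amount.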

On Sept. 10, Olaoluwa Osuntokun, CTO at LN-focused startups Lightning Labs and ACINQ, also claimed to have found instances of the vulnerability being exploited. To avoid the risk of losing funds, Osuntokun strongly advised users to update their LN versions. According to Osuntokun’s post, the affected versions included LND nodes version 0.7 and below, c-lightning nodes version 0.7 and below, and eclair nodes version 0.3 and below.

On Sept. 26, the number of Bitcoin’s LN nodes reached 10,000 for the first time. 

As Cointelegraph previously reported, Andreas Antonopoulos announced his new “Mastering Lightning Network” book, co-authored by René Pickhardt and Lightning Labs CTO Olaoluwa Osuntokun.
