Engineer Conner Fromknecht, head of cryptographic engineering at Lightning Labs, declared on October 9, 2020 that he had found a vulnerability affecting LND 0.10 and earlier versions of the Lightning Network.
The lightning network is a technological solution designed to solve the problem of transaction speed on the Bitcoin Blockchain.
Bitcoin was first released in 2008 but, due to its construction, the Bitcoin network suffers from slow transaction speeds and high transaction costs. Bitcoin's transactions are manual; Bitcoin's block time, or transaction speed, is a few minutes. Bitcoin was then only able to process about 7 transactions per second. As a result, transactions take a long time to process and transaction costs are exorbitant.
The blockchain is a growing list of records, called blocks, which are linked together cryptographically. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. It is like a large, distributed public ledger that continues to grow and expand as new blocks are added. Blocks are added chronologically.
By design, a blockchain is resistant to data modification; it can record transactions between two parties in an efficient, verifiable, and permanent manner. By storing data on its peer-to-peer network, the blockchain is a distributed ledger technology (DLT) that allows data to be stored globally on thousands of servers, making it difficult for a user to modify the data.
That's why Joseph Poon and Thaddeus Dryja in 2015 proposed a solution to solve these problems (transaction time, security). Their solution was to provide a second additional layer that consists of several payment channels between the parties or bitcoin users.
This led to the use and development of the Lightning network, a technology that uses micropayment channels to increase the capacity of its blockchain to carry out transactions more efficiently.
The Lightning network channel is a transaction mechanism between two parties. Through these channels, the parties can make or receive payments from each other. In other words, payment channels allow participants to transfer money between themselves without having to make all their transactions on the blockchain public.
On the lightning network:
- Two participants create an entry in the blockchain ledger that requires both participants to approve any spending of funds.
- Both parties create transactions that refund the ledger entry to their individual allocation, but do not broadcast them to the blockchain.
- They can update their individual allocations for the ledger entry by creating numerous transactions that spend from the output of the current ledger entry.
- Only the most recent version is valid, which is enforced by the Bitcoin blockchain.
- This entry can be closed at any time by either party without any trust or custody by broadcasting the most recent version to the blockchain.
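The channel life cycle in the list above, as an added Go sketch that is not code from the article or from LND. `Commitment`, `Channel`, `Open` and the amounts are hypothetical, and the `latest` counter stands in for the blockchain's enforcement, which the real protocol achieves with Bitcoin transactions and scripts rather than a counter.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Commitment is one off-chain version of the split, signed by both participants.
type Commitment struct {
	Seq, BalA, BalB uint64
	SigA, SigB      []byte
}

// Channel models the shared ledger entry; latest stands in for chain enforcement.
type Channel struct {
	PubA, PubB       ed25519.PublicKey
	Capacity, latest uint64
}

func msg(s, a, b uint64) []byte { return []byte(fmt.Sprintf("v%d|%d|%d", s, a, b)) }
// valid checks both approvals and that the split equals the funded amount.
func (c *Channel) valid(cm Commitment) bool {
	m := msg(cm.Seq, cm.BalA, cm.BalB)
	return ed25519.Verify(c.PubA, m, cm.SigA) && ed25519.Verify(c.PubB, m, cm.SigB) &&
		cm.BalA <= c.Capacity && cm.BalB == c.Capacity-cm.BalA
}

// Update records a newer off-chain version; nothing is published.
func (c *Channel) Update(cm Commitment) (ok bool) {
	if ok = c.valid(cm) && cm.Seq > c.latest; ok {
		c.latest = cm.Seq
	}
	return
}

// Close publishes a version; only the most recent one settles the channel.
func (c *Channel) Close(cm Commitment) bool { return c.valid(cm) && cm.Seq == c.latest }
// Open funds a channel and returns a signer (toy: one process holds both keys).
func Open(capacity uint64) (*Channel, func(s, a, b uint64) Commitment) {
	pa, ka, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pb, kb, _ := ed25519.GenerateKey(nil)
	return &Channel{PubA: pa, PubB: pb, Capacity: capacity}, func(s, a, b uint64) Commitment {
		return Commitment{s, a, b, ed25519.Sign(ka, msg(s, a, b)), ed25519.Sign(kb, msg(s, a, b))}
	}
}

func main() {
	ch, sign := Open(100) // constructed values: A funds 100 units, then pays B 30
	fmt.Println(ch.Update(sign(1, 70, 30)), ch.Close(sign(0, 100, 0)), ch.Close(sign(1, 70, 30)))
}
```

Publishing the superseded version 0 is refused once version 1 exists, and a commitment whose amounts are altered after signing fails verification.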
As a result, transactions made on the lightning network are faster, cheaper and more easily confirmed than those made directly on the bitcoin blockchain.
The lightning network can also be used to perform other types of off-chain transactions involving crypto-currency exchanges.
For example, it is useful for facilitating atomic swaps, which allow one cryptocurrency to be exchanged for another without the intervention of an intermediary, such as a cryptocurrency exchange.
Since its creation, the Lightning network has remained under development; the problem it was designed to solve is Bitcoin's slow transaction time and throughput, which remains at about seven transactions per second (tps).
In June 2020, two researchers specializing in cryptocurrency, Jona Harris and Aviv Zohar, claimed to have found a way to steal funds from the Bitcoin Lightning Network.
They argued in a research paper entitled 'Flood & Loot: A Systemic Attack On The Lightning Network' that savvy attackers might be able to 'plunder' other people's Bitcoins through the Lightning Network if users are not careful.
'Flood & Loot: A Systemic Attack On The Lightning Network' is the result of research by computer scientists Jona Harris and Aviv Zohar of the Hebrew University of Jerusalem, who have studied a 'systemic' attack on the Lightning Network more closely.
These researchers found that one of the risks that was identified early on was that of a large-scale systemic attack on the protocol, in which an attacker triggers the closure of several Lightning channels at the same time. The researchers stated:
'We find that a large majority of the active nodes (95%) are ready to open a channel on demand, and are therefore likely to become victims in our attack'.
According to research by Jona Harris and Aviv Zohar, an attacker is able to simultaneously cause victim nodes to overload the Bitcoin blockchain with requests and steal funds that were blocked in the channels. They stated:
'The resulting high volume of transactions in the blockchain will not properly settle all debts, and attackers could get away with stealing some funds'.
However, the researchers noted that this problem can be avoided by finding a way to detect hackers before they attack. But unfortunately, another vulnerability has recently been discovered in the lightning network.
A vulnerability in LND 0.10.x versions has been discovered and communicated to Lightning Labs, the developer of the Lightning Network.
Lightning developer Conner Fromknecht revealed it on October 9th on the project mailing list, where node operators were advised to update their software as soon as possible.
'While we have no reason to believe that these vulnerabilities have been exploited in the wild, we urge the community to upgrade to version 0.11.0 or higher of LND as soon as possible,' he said.
The Lightning Network Daemon (LND) is a complete Golang implementation of a BOLT-compliant Lightning Network node developed by Lightning Labs. It can connect to Lightning Networks deployed on Bitcoin and Litecoin. It is an open source software under active development on GitHub.
In other words, the Lightning Network Daemon (LND) is an overlay network built on an existing blockchain protocol by creating an entirely new layer, providing instant, high-volume transactions that are denominated in the standard blockchain currency.
This newly discovered vulnerability could affect all LND 0.10 and earlier versions, but version 0.11 was released at the end of August and contained the update, so most Lightning node operators have already upgraded to v0.11.0.
The announcement was published on October 9, 2020 by Conner Fromknecht, Protocol Engineer at Lightning Network (LN), who leads cryptographic engineering at Lightning Labs.
Lightning Labs also announced plans for a bug bounty program where developers will be rewarded with financial incentives for discovering future bugs.
The Lightning network is a solution dedicated to improving the speed of transactions on the Bitcoin Blockchain; however, the network is still under development and has vulnerabilities of its own. Does this mean that problems on the Bitcoin Blockchain are proving impossible to solve?
Written by Laetitia Harson, Project Manager
Cartam: Free marketplace for cryptocurrency users