Lightning network has security risks, users need to update the client as soon as possible

According to, August 31, Rusty Russell, developer of the Bitcoin Lightning Network, said:

Many lightning network related projects have security issues that can result in the loss of user funds.

In the post shared by the lightning network mailing list, he said that the "full details of the security issue will be announced within 4 weeks", presumably to prevent hackers from exploiting this vulnerability.

Russell urged all users running the Lightning Network to upgrade and publicly stated:

Everyone should complete the upgrade within a period of time, and make sure that the version of the client you are running the Lightning Network c-lightning is < 0.7.1, lnd < 0.7, eclair <= 0.3, and these versions are very vulnerable.

There are currently three vulnerabilities reserved in the Common Vulnerabilities Disclosure (CVE, a vulnerability dictionary recognized by security practitioners, which you can use here to find vulnerability information for different applications or systems). One of them said:

This vulnerability has been retained by an organization or individual. When the vulnerability is announced, we will provide more details about it.

Recently released a new version of the Lightning Network client, which is clearly not affected by the above vulnerability:

Screen Shot 2019-08-31 at 3.30.45 PM (Source: Twitter)

We are pleased to announce the #clightning 0.7.2 version, "Zhong Ben Cong was pre-approved by the US Congress" just released!

This release includes dynamic plugin management, support for upcoming signets, many performance improvements, and some minor fixes.

– Christian Decker, August 20, 2019 Now we don't know what happened. The above vulnerability is mainly aimed at the older lightning network nodes.