On September 11, according to lightning network developers, the old version of Lightning Network software has serious security vulnerabilities. If users do not update, they may lose money.
As early as August 30, Lightning Network developer Rusty Russel first disclosed the vulnerability , and on Wednesday, Lighto Labs chief technology officer Olaoluwa Osuntokun confirmed this.
It is unclear whether there are losses to users (or, if any, how much), and how many users are affected (Note: One of the characteristics of Lightning Networks is that it is anonymous).
- Bakkt three-step test, why are bitcoin ETFs all the way?
- Opinion | a16z: Libra should give up a basket of currencies, only anchored with the dollar
- What is the recent hot Bakkt?
- Is the opportunity for Bitcoin coming? Global $17 trillion negative-yield bonds allow more investors to vote for Bitcoin
- BCH protocol upgrade countdown: More than 68% of BCH nodes support upgrade
- Exclusive | Central bank officials first started the app to explain Libra and central bank digital currency
Osuntokun warned on the developer mailing list that multiple versions of lightning network nodes are vulnerable to attack and they should be updated immediately, adding that:
"We have confirmed instances where CVE vulnerabilities have been abused."
As of now, Lightning Network is an experimental layer-2 expansion solution designed to allow for almost no-cost transactions, making it possible to purchase daily transactions such as coffee with bitcoin.
However, the existence of CVE vulnerabilities suggests that this technology still has problems with any code financial products.
“Security issues have been discovered in various lightning network products, which can cause users to lose money,” Russel wrote in his initial post. “All details will be released within 4 weeks (2019-09-27), please Upgrade before this."
Osuntokun stressed that the lightning network is still in its infancy.
"Please upgrade to the latest version because they are not risky. These new software are:
- Lnd 0.7.1
- C-lightning 0.7.1
- Eclair 0.3.1
This is also a good opportunity to remind us of the limitations of the Lightning Network to mitigate the losses of funds in the early stages, and vulnerabilities generally exist. (Translator's Note: Developers have imposed a limit on the number of lightning networks in the early days, the purpose is to prevent the immature lightning network from causing users to lose too much money, which is also a foresight .)
Don't invest more than the amount of money you can afford on the lightning network! ” It is reported that the affected lightning network software includes all LND 0.70 and below, C-Lightning 0.70 and below and E Clair 0.3 and below.