On September 11, according to lightning network developers, the old version of Lightning Network software has serious security vulnerabilities. If users do not update, they may lose money.
As early as August 30, Lightning Network developer Rusty Russel first disclosed the vulnerability , and on Wednesday, Lighto Labs chief technology officer Olaoluwa Osuntokun confirmed this.
It is unclear whether there are losses to users (or, if any, how much), and how many users are affected (Note: One of the characteristics of Lightning Networks is that it is anonymous).
- Jianan Zhizhi prospectus full interpretation: 99% of revenue comes from mining machines and related sales, future growth bets on AI chips
- The combination of stable currency and DeFi will create the next big event, said former Jetcoin Core developer Jeff Garzik.
- QKL123 market analysis | Bitcoin halved, history will not simply repeat (1111)
- Wuzhen·Daco Network CEO Nico Büchel: Europe is the largest cryptocurrency exchange market
- The funds can be stolen and can be withdrawn, the private key can be recovered, and the GateChain test network is officially released.
- The four fates facing Bitcoin, the survey shows that nearly 80% of people are optimistic about their long-term development
Osuntokun warned on the developer mailing list that multiple versions of lightning network nodes are vulnerable to attack and they should be updated immediately, adding that:
"We have confirmed instances where CVE vulnerabilities have been abused."
As of now, Lightning Network is an experimental layer-2 expansion solution designed to allow for almost no-cost transactions, making it possible to purchase daily transactions such as coffee with bitcoin.
However, the existence of CVE vulnerabilities suggests that this technology still has problems with any code financial products.
“Security issues have been discovered in various lightning network products, which can cause users to lose money,” Russel wrote in his initial post. “All details will be released within 4 weeks (2019-09-27), please Upgrade before this."
Osuntokun stressed that the lightning network is still in its infancy.
"Please upgrade to the latest version because they are not risky. These new software are:
- Lnd 0.7.1
- C-lightning 0.7.1
- Eclair 0.3.1
This is also a good opportunity to remind us of the limitations of the Lightning Network to mitigate the losses of funds in the early stages, and vulnerabilities generally exist. (Translator's Note: Developers have imposed a limit on the number of lightning networks in the early days, the purpose is to prevent the immature lightning network from causing users to lose too much money, which is also a foresight .)
Don't invest more than the amount of money you can afford on the lightning network! ” It is reported that the affected lightning network software includes all LND 0.70 and below, C-Lightning 0.70 and below and E Clair 0.3 and below.