Details of dangerous Lightning Network vulnerability disclosed; new client versions are not affected

According to a CoinDesk report on September 28, Rusty Russell, the developer of the Bitcoin Lightning Network, disclosed details of the network vulnerability discovered in August (through which an attacker could steal users' funds) and proposed a solution.


Russell wrote in the full disclosure:

Before the payment channel is opened, the lightning network node must check whether the output of the funds transaction meets the criteria. Otherwise, the attacker can open the payment channel without paying or not paying in full. Once the transaction reaches the minimum depth, the attacker can transfer funds from the channel. The victim will only notice that his funds have been transferred when he closes the payment channel, but any action or even closing the transaction will not recover the loss.

The Lightning Network is Bitcoin's second-layer payment protocol, which supports ultra-high-speed, low-cost transactions on the Bitcoin blockchain. To transact over the Lightning Network, a user must open a "payment channel" to send and receive funds from other users.

If the node does not properly check the payment channel, the attacker can pretend to open a new payment channel and send a fake transaction. After being deceived, the user will send funds to the attacker without knowing that the previous transaction was completely false. It is unclear how many users are victims of such attacks.

Russell said that all major lightning network clients have been upgraded and fixed.

When asked why it took three months to disclose the vulnerability to users, ACINQ CEO Pierre-Marie Padiou said developers must be cautious about this type of problem.

Padiou said:

If you publish the details of this vulnerability, it will become very easy to exploit. Three months is not long, because you have to give users enough time to update their clients, and many users will not update.

He added that Lightning Network developers did not want to risk disclosing the vulnerability until they were completely certain that no users were in danger:

The problem will always arise. Even in the Bitcoin protocol, there are loopholes. The most important thing is how to deal with these issues in the best way to protect the security of users' funds.

Solution for this vulnerability

Russell also proposed a solution to the above problem. Once the node sees the new payment channel, it "must check if 'funding_created' is the transaction output for the funds and display the amount in 'open_channel'."

The document also noted that c-lightning version 0.7.1 and above perform this check correctly, and urged users to upgrade older versions of the client.
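
The check described above, as an added example (not code from Russell's disclosure or from any Lightning client): before accepting a channel, the node compares the output named in 'funding_created' against the amount from 'open_channel' and the expected 2-of-2 funding script. The field names funding_output_index and funding_satoshis and the script layout are taken from the BOLT specifications rather than from this article; the function names, keys and transactions are constructed for illustration.

```python
import hashlib
from typing import List, NamedTuple

class TxOut(NamedTuple):
    value_sat: int
    script_pubkey: bytes

def funding_script_pubkey(pubkey_a: bytes, pubkey_b: bytes) -> bytes:
    """P2WSH scriptPubKey of the 2-of-2 funding script (layout assumed from BOLT 3)."""
    for pk in (pubkey_a, pubkey_b):
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("funding pubkeys must be 33-byte compressed keys")
    first, second = sorted((pubkey_a, pubkey_b))  # lexicographic byte order
    # OP_2 <first> <second> OP_2 OP_CHECKMULTISIG
    witness_script = b"\x52\x21" + first + b"\x21" + second + b"\x52\xae"
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()

def check_funding_output(outputs: List[TxOut], funding_output_index: int,
                         funding_satoshis: int, local_pubkey: bytes,
                         remote_pubkey: bytes) -> List[str]:
    """Return the reasons to refuse the channel; an empty list means accept."""
    if not 0 <= funding_output_index < len(outputs):
        return ["no_such_output"]
    out = outputs[funding_output_index]
    problems = []
    if out.value_sat != funding_satoshis:
        problems.append("amount_mismatch")
    if out.script_pubkey != funding_script_pubkey(local_pubkey, remote_pubkey):
        problems.append("script_mismatch")
    return problems

# Constructed sample data: placeholder key bytes, not real keys or transactions.
LOCAL = b"\x02" + b"\x11" * 32
REMOTE = b"\x03" + b"\x22" * 32
CHANNEL_SPK = funding_script_pubkey(LOCAL, REMOTE)
OTHER_SPK = b"\x00\x14" + b"\x33" * 20   # an unrelated P2WPKH output
CLAIMED_SATS = 1_000_000                 # funding_satoshis from open_channel

CASES = {
    "honest":       [TxOut(50_000, OTHER_SPK), TxOut(CLAIMED_SATS, CHANNEL_SPK)],
    "underfunded":  [TxOut(50_000, OTHER_SPK), TxOut(1_000, CHANNEL_SPK)],
    "wrong_script": [TxOut(50_000, OTHER_SPK), TxOut(CLAIMED_SATS, OTHER_SPK)],
}

def run_cases() -> dict:
    return {name: check_funding_output(outs, 1, CLAIMED_SATS, LOCAL, REMOTE)
            for name, outs in CASES.items()}

if __name__ == "__main__":
    for name, problems in run_cases().items():
        print(f"{name:13s} ->", problems or "accept")
```

A node applying this check refuses the channel whenever the returned list is non-empty, which covers both the unfunded and the partially funded cases Russell describes.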

On September 10th, London-based startup Lightning Labs and ACINQ's chief technology officer Osuntokun also said they had found instances of the vulnerability being exploited. To avoid the risk of financial loss, Osuntokun strongly recommended that users update their Lightning Network client. The affected versions include 0.7 and below for LND, 0.7 and below for c-lightning, and 0.3 and below for Éclair.
