Lightning Network vulnerabilities have already been exploited

Bitcoin Core, the development team behind SegWitCoin (BTC) and its Lightning Network, apparently has issues. Rusty Russell, a software programmer who has been involved with the project, recently uncovered vulnerabilities that could lead to the loss of cryptocurrency and sent out a warning to the community to upgrade the network’s nodes. However, a new report sheds light on the issue and reveals that the warning may have come too late: the vulnerabilities may have already been exploited.

Olaoluwa Osuntokun, the chief technical officer (CTO) for two startups tied to the Lightning Network – Lightning Labs and ACINQ – published a statement about the issue on the Linux Foundation’s website yesterday. He asserts that there are “confirmed instances” of the vulnerabilities having been “exploited in the wild” and, like Russell, urges node operators to upgrade as quickly as possible. 

The vulnerabilities, tracked as Common Vulnerabilities and Exposures (CVE) entries, affect Lightning Network nodes version 0.7 and below, as well as eclair nodes version 0.3 and below and c-lightning nodes version 0.7 and below. As with all software in any environment, but particularly in financial settings, all linked applications should be kept up to date at all times.

Lightning Labs recognizes the vulnerabilities and cautions users to avoid the network. It said in a tweet yesterday, “This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs. Don’t put more money on Lightning than you’re willing to lose!”

The Lightning Network was introduced in December 2017 as the Core team decided that scaling the network was an impossibility. It has been stuck in beta testing since then and has been live on BTC’s mainnet since January of last year. Two years under beta seems like a ridiculously long time, but it proves that the solution is not as robust as developers had expected.

The solution has been problematic from the start and has already been targeted in at least one dedicated denial of service attack. It tries to circumvent the integrity of the blockchain’s core protocols and doesn’t deliver the results intended. Despite BTC developers’ belief that large blocks aren’t possible on any blockchain, the world already knows that this isn’t true, as Bitcoin SV’s (BSV) Quasar upgrade successfully led to blocks of two gigabytes being mined on the BSV blockchain. 
