A Dangerous Bug in Bitcoin’s Lightning Network Has Been Fixed

While initially flagged to the public on Aug. 30 by bitcoin developer Rusty Russell, the full disclosure detailing how this vulnerability could be exploited by an attacker was released Friday.

A popular payments network running atop the bitcoin blockchain suffered from a long-standing code vulnerability – one where attackers could drain users’ of their money.

“An attacker can claim to open a lighting payments channel but either not pay to the peer, or not pay the full amount”, Russell wrote in the full disclosure.

The lightning network is a Layer 2 payments protocol enabling ultra-fast and nearly costless transactions atop the bitcoin blockchain. In order for users to send transactions across the lightning network, they must open what are called “payments channels” to send and receive funds from other lightning users.

Without the proper checks, an attacker could pretend to open a new payments channel and send fake transactions. Being duped, an honest user could then send back real money to the attacker not knowing the previous transactions had been completely artificial. It’s unclear how many users fell victim to such attacks.

Already, all major lightning software clients have been upgraded to fix this vulnerability, according to Russell.

When asked why it took three months for the vulnerability to be disclosed to users, Pierre-Marie Padiou – the CEO of a company maintaining one of the three most popular lightning implementations – said developers had to err on the side of caution.

“The problem with this vulnerability is that once you know about it, it seems so obvious”, said Padiou. “Three months is not a long time. It’s a pretty short time because you have to give users the amount of time needed to update. … A lot of users don’t do it.”

Lightning developers, he added, did not want to risk revealing the vulnerability until absolutely sure no users were at risk.

“There are always problems. Even on the bitcoin protocol, there have been bugs”, Padiou said, adding:

“There will always be bugs. What matters the most is how to handle this in the best way to protect users.”

Spread the love
FacebookTwitterLinkedinRedditMixWhatsappWordPressTelegramVkontakte
Share

Recent Posts

Ethereum’s One Month Correlation with BTC Drops to 68% as $3k Beckons
  • Ethereum News 2

Ethereum’s One Month Correlation with BTC Drops to 68% as $3k Beckons

$3k Possible for Ethereum in the Month of May. Ethereum’s ongoing…

Ethereum 2.0 Deposit Contract Now Holds 4M ETH Worth $10.8B
  • Ethereum News 2

Ethereum 2.0 Deposit Contract Now Holds 4M ETH Worth $10.8B

Ethereum Aims for new ATHs as Options and Futures Expire…

Tesla sold 10 percent of its bitcoins. Cause of concern for cryptocurrency investors?
  • News coin 2

Tesla sold 10 percent of its bitcoins. Cause of concern for cryptocurrency investors?

Tesla released its first quarter 2021 earnings earlier this week.…

Gemini Exchange to Issue Its Own Credit Card for Cryptocurrency Cashbacks
  • News coin 2

Gemini Exchange to Issue Its Own Credit Card for Cryptocurrency Cashbacks

Users of the large cryptocurrency exchange Gemini will soon get…

Iranian government will use mined cryptocurrency to fight economic sanctions
  • News coin 2

Iranian government will use mined cryptocurrency to fight economic sanctions

Iran continues to explore the potential use of cryptocurrencies as…

Ethereum’s Recent High Fees Pushed More USDT to Tron
  • Ethereum 2019 News

Ethereum’s Recent High Fees Pushed More USDT to Tron

Tether’s Market Cap Hits $50 Billion. Mr. Ardoino’s comments were in…