Developer Identifies Major Loophole in Bitcoin Lightning Network

Bitcoin developer Antoine Riard has identified and reported what he believes might be a major security risk in the Bitcoin Lightning Network. In a report recently published, Riard shared that the loophole could potentially endanger funds moving through the Lightning Network.

‘Lightning Network May Be Targeted for Attacks’, Developer Explains

Per the report, the vulnerability could permit bad actors to carry out a “transaction-relay jamming attack”. They could target this attack on a very important part of the Lightning Network that is known as Hash Time Locked Contracts (HTLC), Riard noted.

When bad actors orchestrate that kind of attack, they primarily aim to disrupt transactions. That is, there might be long delays in processing or transactions may not be settled at all. It is at this point that the network’s channels risk losing funds, according to the report.

Meanwhile, Riard also reassured that the report is merely a predictive one. The developer confirmed that observational data shows that there have not been any such attacks or anything related in the past 10 months.

He also added that the report was targeted at Lightning developers so that they can embark on corrective measures. According to Riard, these measures are now in place and have been deployed across major Lightning Network implementations like Eclair, LND, and C-Lightning. But then, he also admits that there is still a level of uncertainty about the effectiveness of these measures against more sophisticated forms of attack.

Riard noted in his report that the implications of the vulnerability could extend well beyond the Lightning Network. He said that there is a possibility that the loophole might also affect other Bitcoin protocols and applications. That includes coinjoins, peerswap, and batch payouts.

Riard Exits

It might be worth mentioning that Riard,  who first identified the said vulnerability, has also made an unexpected move. He published a note alongside his observational report, stating that he no longer works as a developer with Lightning. He wrote:

“Effective now, I’m halting my involvement with the development of the lightning network and its implementations, including coordinating the handling of security issues at the protocol level.”

Read other blockchain news on Coinspeaker.

Read More

2023-10-23 11:39