Lightning network: Vulnerability, LND version 0.10 affected, upgrade to 0.11.0

Conner Fromknecht, head of cryptographic engineering at Lightning Labs, announced on October 9, 2020 that he had found a vulnerability affecting LND 0.10 and earlier versions.

Understanding the Lightning Network

Bitcoin was first released in 2008, but because of its design the Bitcoin network suffers from slow transaction speeds and high transaction costs. Bitcoin’s transactions are manual; its block time, or transaction speed, is a few minutes. Bitcoin was then only able to process about 7 transactions per second. As a result, transactions take a long time to process and transaction costs are exorbitant.

It is important to remember how blockchain technology works

By design, a blockchain is resistant to data modification; it can record transactions between two parties in an efficient, verifiable, and permanent manner. By storing data on its peer-to-peer network, the blockchain is a distributed ledger technology (DLT) that allows data to be stored globally on thousands of servers, making it difficult for a user to modify the data.

Lightning Network: How does it work?

Hence the use and development of the Lightning Network, a technology that uses micropayment channels to increase the capacity of the blockchain to carry out transactions more efficiently.

A Lightning Network channel is a transaction mechanism between two parties. Through these channels, the parties can make or receive payments from each other. In other words, payment channels allow participants to transfer money between themselves without having to publish all their transactions on the blockchain.

On the Lightning Network:

- Two participants create an entry in the blockchain ledger that requires both participants to approve any spending of funds.

- Both parties create transactions that refund the ledger entry to their individual allocations, but do not broadcast them to the blockchain.

- They can update their individual allocations for the ledger entry by creating numerous transactions that spend from the output of the current ledger entry.

- Only the most recent version is valid, which is enforced by the Bitcoin blockchain.

- This entry can be closed at any time by either party, without any trust or custody, by broadcasting the most recent version to the blockchain.
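
The channel lifecycle listed above can be modelled in a few lines. This is an added example, not code from the original article or from LND; it is a simplified model in which `toy_sign` (an HMAC) stands in for real digital signatures and the blockchain's enforcement of "only the most recent version is valid" is reduced to a single version check. All names and amounts are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

def toy_sign(key: bytes, msg: bytes) -> bytes:
    # Stand-in for a real digital signature; HMAC is used only for illustration.
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass(frozen=True)
class State:
    version: int
    alice: int
    bob: int
    sigs: tuple  # (Alice's approval, Bob's approval)

class Channel:
    def __init__(self, key_alice: bytes, key_bob: bytes, fund_alice: int, fund_bob: int):
        self.keys = (key_alice, key_bob)
        # Version 0 is the refund of the jointly controlled ledger entry.
        self.latest = self._approve(0, fund_alice, fund_bob)

    def _digest(self, version: int, alice: int, bob: int) -> tuple:
        msg = f"{version}:{alice}:{bob}".encode()
        return tuple(toy_sign(k, msg) for k in self.keys)

    def _approve(self, version: int, alice: int, bob: int) -> State:
        return State(version, alice, bob, self._digest(version, alice, bob))

    def pay(self, alice_to_bob: int) -> State:
        """Off-chain update; a negative amount pays from Bob to Alice."""
        alice = self.latest.alice - alice_to_bob
        bob = self.latest.bob + alice_to_bob
        if alice < 0 or bob < 0:
            raise ValueError("payment exceeds the sender's allocation")
        self.latest = self._approve(self.latest.version + 1, alice, bob)
        return self.latest

    def close(self, broadcast: State) -> dict:
        """Settle on-chain: both approvals required, newest version only."""
        expected = self._digest(broadcast.version, broadcast.alice, broadcast.bob)
        if not hmac.compare_digest(b"".join(broadcast.sigs), b"".join(expected)):
            raise ValueError("state is not approved by both participants")
        if broadcast.version != self.latest.version:
            raise ValueError("stale state: a newer version exists")
        return {"alice": broadcast.alice, "bob": broadcast.bob}
```

Every update keeps the sum of the two allocations equal to the funded amount, and closing with an older, still doubly approved state is rejected.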

As a result, transactions made on the lightning network are faster, cheaper and more easily confirmed than those made directly on the bitcoin blockchain.

The lightning network can also be used to perform other types of off-chain transactions involving crypto-currency exchanges.

For example, it is useful for facilitating atomic swaps, which allow one cryptocurrency to be exchanged for another without an intermediary such as a cryptocurrency exchange.

Since its creation, the Lightning Network has remained under development; the problem it was designed to solve is Bitcoin's slow transaction time and throughput, which remains at about seven transactions per second (tps).

Is it possible to steal Bitcoins on Lightning Network?

‘Flood & Loot: A Systemic Attack On The Lightning Network’ is a research paper by computer scientists Jona Harris and Aviv Zohar of the Hebrew University of Jerusalem, who have studied a ‘systemic’ attack on the Lightning Network more closely.

They argued in the paper that savvy attackers might be able to ‘plunder’ other people’s Bitcoins through the Lightning Network if users are not careful.

The researchers found that one of the risks identified early on was a large-scale systemic attack on the protocol, in which an attacker triggers the closure of several Lightning channels at the same time. The researchers stated:

‘We find that a large majority of the active nodes (95%) are ready to open a channel on demand, and are therefore likely to become victims in our attack’.

According to the research by Jona Harris and Aviv Zohar, an attacker is able to cause victim nodes to simultaneously overload the Bitcoin blockchain with requests and to steal funds that were locked in the channels. They stated:

‘The resulting high volume of transactions in the blockchain will not properly settle all debts, and attackers could get away with stealing some funds’.

However, the researchers noted that this problem can be avoided by finding a way to detect hackers before they attack. But unfortunately, another vulnerability has recently been discovered in the lightning network.

Increasingly vulnerable?

Lightning developer Conner Fromknecht revealed it on October 9th on the project mailing list, where node operators were advised to update their software as soon as possible.

‘While we have no reason to believe that these vulnerabilities have been exploited in nature, we urge the community to upgrade to version 0.11.0 or higher of LND as soon as possible,’ he said.

Lightning Network Daemon (LND)

The Lightning Network Daemon (LND) is an overlay network built on an existing blockchain protocol by creating an entirely new layer, providing instant, high-volume transactions that are denominated in the blockchain's native currency.

This newly discovered vulnerability could affect all LND versions 0.10 and earlier. Version 0.11, released at the end of August, contained the fix, so most Lightning node operators have already upgraded to v0.11.0.
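
For operators running more than one node, the advice above turns into an inventory check. The following is an added example, not part of the original article or of LND: it flags every version string below 0.11.0, compares versions numerically (so 0.9.2 is not mistaken for something newer than 0.11.0), and treats unparseable strings as unpatched. The node names and version strings are constructed, and flagging release candidates of 0.11.0 is a conservative assumption.

```python
import re

FIXED = (0, 11, 0)  # first release the advisory tells operators to run

# Matches "0.10.4-beta", "v0.11.0-beta.rc2" or a longer banner containing one.
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")

def parse_lnd_version(text):
    """Return ((major, minor, patch), is_release_candidate), or None."""
    match = _VERSION.search(text)
    if match is None:
        return None
    core = tuple(int(part) for part in match.group(1, 2, 3))
    suffix = (match.group(4) or "").lower()
    return core, "rc" in suffix

def needs_upgrade(text):
    parsed = parse_lnd_version(text)
    if parsed is None:
        return True  # unknown version: treat as unpatched until verified
    core, is_rc = parsed
    if core < FIXED:  # tuple comparison is numeric, unlike string comparison
        return True
    # Assumption: a release candidate of 0.11.0 predates the final release.
    return core == FIXED and is_rc

def audit(inventory):
    """inventory maps node name -> reported version; returns nodes to upgrade."""
    return sorted(name for name, ver in inventory.items() if needs_upgrade(ver))

# Constructed sample inventory (hypothetical node names and version strings).
SAMPLE = {
    "node-a": "lnd version 0.10.4-beta commit=v0.10.4-beta",
    "node-b": "lnd version 0.11.0-beta commit=v0.11.0-beta",
    "node-c": "0.9.2-beta",
    "node-d": "0.11.0-beta.rc1",
    "node-e": "0.11.1-beta",
    "node-f": "unknown",
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: upgrade to 0.11.0 or higher ({SAMPLE[name]})")
```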

The announcement was published on October 9, 2020 by Conner Fromknecht, Protocol Engineer at Lightning Network (LN), who leads cryptographic engineering at Lightning Labs.

Lightning Labs also announced plans for a bug bounty program where developers will be rewarded with financial incentives for discovering future bugs.

The Lightning network is a solution dedicated to improving the speed of transactions on the Bitcoin Blockchain; however, the network is still under development and has vulnerabilities of its own. Does this mean that problems on the Bitcoin Blockchain are proving impossible to solve?

Written by Laetisia Harson, Project Manager at Magna Numeris
