Claims Lightning Network Users Could Lose Funds
Lightning Network (LN) “would be the easiest way to steal Bitcoin” if the layer 2 protocol ever reaches serious volumes, the founder of prediction market platform Gnosis has claimed. In a tweet, Martin Köppelmann outlined, step by step, how the double-spend exploit could be carried out without revealing one’s identity, though doubts were raised about its likelihood. So far, there has been no reported case of the attack being used to prove that LN routing makes it easier to steal BTC from others by double-spending.
1) Find a target T that routes lightning tx with channels with only n confirmations
2) Have a channel open that can receive BTC that is older than n confirmations
3) Open a channel with T
4) Make a lightning payment to yourself to the channel from 2)
5) double spend tx 3)
— Martin Köppelmann (@koeppelmann) September 6, 2019
A claim that money could be lost with LN was also made last week, when the LN community’s attention was drawn to security issues found in various projects built on the layer 2 payment protocol, which developers say “could cause loss of funds”.
Though full details of the issues are not expected to be released until September 27 (four weeks), operators are advised to upgrade LN nodes running the affected releases before then: CVE-2019-12998 (c-lightning < 0.7.1), CVE-2019-12999 (lnd < 0.7) and CVE-2019-13000 (eclair <= 0.3). The CVEs are assigned on a per-product basis, according to Rusty Russell, the developer who made the disclosure. Only nodes that have not been upgraded for some time are reportedly affected, while the most recent versions are not.
Upgrade #lightning nodes please! c-lightning < 0.7.1, lnd < 0.7, eclair <= 0.3 vulnerable: https://t.co/4E2hHUy386
— TheRustyTwit (@rusty_twit) August 30, 2019
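The affected ranges listed above, turned into a version check an operator could run over a node inventory. This is an added example, not code from the disclosure or from any of the three projects; the function names and the inventory entries are constructed for illustration, and ignoring suffixes such as `-beta` is an assumption.

```python
import re

# Affected ranges exactly as listed in the advisory quoted on this page.
# "<" means strictly below the bound is affected; "<=" includes the bound.
AFFECTED = {
    "c-lightning": ("CVE-2019-12998", "<", (0, 7, 1)),
    "lnd": ("CVE-2019-12999", "<", (0, 7, 0)),
    "eclair": ("CVE-2019-13000", "<=", (0, 3, 0)),
}

def parse_version(text):
    """Return (major, minor, patch) from strings like 'v0.7.0' or '0.6.1-beta'.

    Assumption: trailing suffixes (-beta, rc1, commit ids) are ignored.
    """
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def check_node(implementation, version_text):
    """Return the CVE id if the version is in the affected range, else None."""
    key = implementation.strip().lower()
    if key not in AFFECTED:
        raise ValueError(f"no advisory entry for implementation: {implementation!r}")
    cve, op, bound = AFFECTED[key]
    version = parse_version(version_text)
    affected = version < bound if op == "<" else version <= bound
    return cve if affected else None

def audit(inventory):
    """Map node name -> CVE id, None (not in range) or 'UNKNOWN' (needs manual review)."""
    report = {}
    for name, implementation, version_text in inventory:
        try:
            report[name] = check_node(implementation, version_text)
        except ValueError:
            # Fail closed: an unparseable entry is flagged, never treated as safe.
            report[name] = "UNKNOWN"
    return report

# Constructed sample inventory (hypothetical node names and version strings).
SAMPLE_INVENTORY = [
    ("routing-1", "lnd", "0.6.1-beta"),
    ("routing-2", "c-lightning", "v0.7.1"),
    ("mobile-gw", "eclair", "0.3"),
    ("legacy", "lnd", "unknown-build"),
]

if __name__ == "__main__":
    for node, result in audit(SAMPLE_INVENTORY).items():
        print(f"{node}: {result or 'not in affected range'}")
```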
Work on LN, which is intended to help scale the Bitcoin network, started over four years ago. It launched on the Bitcoin mainnet in March 2018 to relieve the network of congestion by offering off-chain transactions with lower fees. However, it has yet to perform at its optimum, leading skeptics to consider it unfit for its intended purpose, with some claiming that routing is a real problem for LN. The unfolding situation adds to the growing criticism that the protocol is not a viable solution to Bitcoin network congestion.
Still, the potential for LN to grow is huge and probably much greater than is apparent at the moment. 1ML currently shows 9,812 active LN nodes as of this writing, while the main chain has been recorded handling over 450,000 transactions per day in the past. With each LN node capable of handling up to 1,000 tpd, this puts the total number of transactions possible with Bitcoin in a day at about 15 million. If more wallets, including those from exchanges, continue to offer native SegWit compatibility, Bitcoin users will have more options to avoid paying higher transaction fees in the event of another bull run like 2017.
While proponents may argue that the LN software may have bugs or security vulnerabilities because it became operational, with a few merchants accepting payments, far earlier than had been expected, LN is definitely not safe right now. How to improve on delivery, as well as other main issues, could be a topic of discussion as LN developers and community members gather for The Lightning Conference next month in Berlin.
Olusegun Ogundeji writes on tech-related issues including from the crypto/Blockchain space.