Details of Lightning Network security vulnerability discovered in September have been released


Full details of the security vulnerability found on Bitcoin's Lightning Network late last month have been published on Friday by software developer Rusty Russel. 

According to the disclosure, the vulnerability was in the process of creating and funding a Lightning Network channel. When a channel is created, the receiver of the channel was not required to verify the amount of the funding transaction output or the scriptpubkey, a script that ensures certain conditions are satisfied before an output is spent.

Because the Lightning Network protocol does not require this verification, an attacker "can claim to open a channel but either not pay to the peer, or not pay the full amount," the disclosure states. This enables an attacker to spend the funds in a channel created with a victim, without alerting the victim. Only when a victim closes their channel with the attacker will they notice that none of the committed transactions between their channels were valid.

While Lightning Network developers have pushed updates to this vulnerability, older implementations are still affected. Users are advised to upgrade the following affected Lightning Node versions:

- LND nodes version 0.7 and below
- c-lightning nodes version 0.7 and below
- eclair nodes version 0.3 and below

Developers have also created a tool for users to check if their LND Lightning nodes were affected. In mid-September, developers warned that the vulnerability was exploited. The size of this exploit, however, was not disclosed.

Related Reading

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

TRON USDC now available

Delivering on a vision for an interoperable global standard for dollar digital currency, Circle and TRON have partnered to make USD Coin (USDC) available on the TRON blockchain, which has grown to more than 56 million accounts and nearly 2.5 billion transactions since its founding just four years ago. TRON is home to a broad ecosystem for digital assets in Asia and around the world, and the TRON community can now benefit from easy access to the world's fastest-growing, regulated dollar digital currency. 
Read Full Story
Sponsored Post

Layer-1 Platforms: A Framework for Comparison

The Block Research was commissioned by Algorand to create Layer-1 Platforms: A Framework for comparison, which provides a “look under the hood” at seven platforms: Algorand, Avalanche, Binance Smart Chain, Cosmos, Ethereum/Ethereum 2.0, Polkadot, and Solana. We assess their technical design, related ecosystem data, and qualitative factors such as key ecosystem members to get an understanding of how they differ. Having done this analysis, we draw some insights for what the future of the broader smart contract landscape could look like for years to come. 
Read Full Story
Aug 11, 2021, 5:18PM UTC