Bitcoin’s Lightning Network was designed to make Bitcoin transactions faster and cheaper. But according to a recent discovery by a now former Lightning developer Antoine Riard, there’s a major security flaw in the network that puts users’ funds at risk. Taking to a thread on the Linux Foundation’s public mailing list, Riard detailed the new discovery of a security risk in the Lightning Network that could allow hackers to easily get control of the Layer 2 protocol.
Developer Departs From Bitcoin Lightning Network Over Security Concerns
The Bitcoin Lightning Network is a “layer 2” payment protocol that operates on top of the Bitcoin blockchain. It enables fast, low-cost transactions between participating nodes. Since its inception, the Bitcoin Layer 2 protocol has been well accepted, although various vulnerabilities have been reported.
Users can instantaneously send and receive Bitcoin thanks to the Lightning Network, which facilitates the creation of a network of payment channels between users without waiting for transactions to be confirmed on the blockchain. However, Riard claims that there’s a new malevolent danger out there called the replacement cycling attack, which puts the network in a perilous position.
Cycling attack works by specifically targeting payment channels to steal funds from mempools. These attacks are not easy but can be carried out by very sophisticated players. It essentially works by changing the transaction signature of a victim’s timeout transaction in a mempool by a new transaction without leaving a trace on the network. Although simple cycling attacks can be easily mitigated, Riard warns that a very sophisticated attack could leave payment channels exposed to hackers.
https://x.com/mononautical/status/1715736832950825224?s=20
How does a lightning replacement cycling attack work?
There’s a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.
So here’s an illustrated primer…
1/n pic.twitter.com/mvvS8bEc5f
— mononaut (@mononautical) October 21, 2023
Related Reading: Bitcoin In Peril? Is BTC ‘Fighting Crucial Levels’ Or Winning?
What This Means For The Future Of The Lightning Network
The vulnerabilities uncovered in the Lightning Network codebase are troubling for the future of Bitcoin’s scalability solution. Riard’s discovery seems to have ruffled a few feathers of Bitcoin investors, as revealed by comments on social media platforms.
In what looks like his second memo on the issue, Riard mentions that addressing the issue may require significant rewrites of critical components of the network’s base layer. Defending against the backdoor may also require modifications to the underlying public Bitcoin ecosystem.
“I think this new class of replacement cycling attacks puts lightning in a very perilous position, where only a sustainable fix can happen at the base-layer, e.g adding a memory-intensive history of all-seen transactions or some consensus upgrade,” Riard said.
https://x.com/WhaleWire/status/1715686930476655030?s=20
BREAKING:
One of the top #Bitcoin developers recently discovered a massive security risk in the Lightning Network, which triggered him to announce his departure from the project.
He claims theres intentional backdoors in the code that allow attackers to easily get full control… pic.twitter.com/oLiVXk0A2F
— WhaleWire (@WhaleWire) October 21, 2023
Riard has since stepped down from the development of the Lightning Network, with plans to focus now on Bitcoin core development. Data from DefiLlama shows the TVL of the Lightning Network is now at $159.74 million. Its future of depends on how developers and the Bitcoin community respond to this news. A quick, transparent fix of the vulnerability to restore trust should be the important next step.
On the other hand, the price of Bitcoin just crossed $30,000. Renowned financial author Robert T. Kiyosaki predicts that Bitcoin will reach $135,000 very soon.
Featured image from Crypto News