Researchers discover vulnerabilities in Bitcoin layer-2 Lightning Network

Oluwapelumi Adejumo · 8 hours ago · 2 min read

The researchers said the two attacks exploit congestion on the Bitcoin blockchain to cause damage on the Lightning Network.

Updated: August 12, 2022 at 8:49 pm

Cover art/illustration via CryptoSlate

Researchers at the University of Illinois have discovered vulnerabilities in the Bitcoin (BTC) Lightning Network that could result in the theft of 750 BTC (roughly $18 million).

The two researchers, Cosimo Sguanci and Anastasios Sidiropoulos, published a paper where they explained the vulnerability in the Layer 2 network using a hypothetical case where malicious nodes can collude for an attack.

“A coalition of just 30 nodes could lock the funds of 31% of the channels for about 2 months via a zombie attack, and could steal more than 750 BTC via a mass double-spend attack.”

Zombie attack

According to the paper, a zombie attack is a form of vandalism that congests the network and makes the Lightning Network unusable.

A zombie attack is a scenario where some nodes are unresponsive, thereby locking funds connected to these nodes.

The paper stated that the only way to defend against this attack would be for the honest nodes to close their channel and return to the Bitcoin Layer 1 network. But that will cost a lot in transaction fees.

Double spend attack

Another type of mass exit attack discovered by the researchers is the double-spend attack. The attack would require the cooperation of several malicious nodes to overload the Bitcoin Layer 1 blockchain with fraudulent closing transactions.

If the attackers can pay the high fees resulting from the network congestion, they will be able to skip the queue and double spend Bitcoin.

But this attack is only possible when there is a flaw in the configuration of one of the Lightning Network's watchtowers.

Watchtowers' role

The watchtowers keep track of the state of the Lightning Network and store all data used for regular transactions, also called justice transactions.

Honest nodes will have to submit justice transactions to dispute the fraudulent requests, so if all watchtowers are working effectively, it is easy to ascertain fraudulent channel closing requests.

A poorly maintained watchtower can provide the perfect entry point for a mass double-spend attack, which could significantly affect the victims.

A double spend attack would be disastrous for the network

The researchers wrote that a double-spend attack could be the most catastrophic if it happens.

They added that the severity would only increase as the network continues to develop, hence the need to deal with the vulnerabilities effectively and immediately.

They concluded by recommending the careful configuration of watchtowers. “Ideally, they should monitor layer-1 congestion and respond aggressively in the case of high congestion,” the paper noted.
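One way a watchtower could act on that recommendation, shown as an added example that is not taken from the paper or from any Lightning implementation: it estimates how long a justice transaction would wait in a congested mempool and raises the fee rate as the dispute window runs out. The mempool histogram, block capacity, transaction size, pessimism factor and all function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

BLOCK_VBYTES = 1_000_000   # assumed usable block space per block, in vbytes
JUSTICE_TX_VBYTES = 200    # assumed size of the justice transaction

@dataclass(frozen=True)
class Bucket:
    feerate: int  # sat/vB paid by the transactions in this bucket
    vbytes: int   # total size of those transactions in the mempool

# Constructed sample of a congested mempool (not real data).
CONGESTED = [Bucket(200, 500_000), Bucket(100, 1_500_000), Bucket(50, 4_000_000),
             Bucket(20, 10_000_000), Bucket(5, 30_000_000)]

def blocks_to_confirm(mempool, feerate, pessimism=1.5):
    """Estimate blocks until a tx paying `feerate` confirms.

    Everything paying at least `feerate` is treated as ahead of us, and the
    backlog is inflated by `pessimism` to allow for new high-fee arrivals."""
    ahead = sum(b.vbytes for b in mempool if b.feerate >= feerate)
    return math.ceil((ahead * pessimism + JUSTICE_TX_VBYTES) / BLOCK_VBYTES)

def choose_feerate(mempool, blocks_left, safety_margin=6, max_feerate=500):
    """Pick the lowest feerate expected to confirm `safety_margin` blocks before
    the dispute window (`blocks_left`) closes; fall back to `max_feerate`."""
    budget = blocks_left - safety_margin
    for rate in sorted({b.feerate + 1 for b in mempool} | {1}):
        if rate > max_feerate:
            break
        if blocks_to_confirm(mempool, rate) <= budget:
            return rate
    return max_feerate  # no cheaper option is safe: respond aggressively

if __name__ == "__main__":
    for left in (144, 30, 8, 5):
        print(left, "blocks left ->", choose_feerate(CONGESTED, left), "sat/vB")
```

With the same backlog, the chosen fee rate climbs as fewer blocks remain, and the policy jumps to its ceiling once the safety margin can no longer be met.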

The new revelation further adds to the list of other vulnerabilities on the network, such as griefing, flood and loot, time dilation eclipse, and pinning attacks.

Meanwhile, despite these vulnerabilities, malicious players have been unable to exploit the network.
