Lightning Network Developer Discloses a Dangerous Vulnerability, Now Fixed

  • The vulnerability could allow an attacker to pretend to open a payment channel and then send fake transactions.
  • Originally discovered in June, the vulnerability has now been fixed by upgrading all major lightning software clients.

Bitcoin’s Lightning Network vulnerability, which was revealed to the public in August, has now been fixed, according to developer Rusty Russell, who disclosed the details around it this Friday.

According to the published details, an attacker could pretend to open a new payment channel and then send fake transactions. The vulnerability arose because the channel-opening process did not require the receiver to check that the funding transaction was the one promised by the funder, specifically that its output carried the expected script pubkey, the output script that sets the conditions which must be met before the bitcoins can be spent. The file reads:

“A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”
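The check the disclosure calls for, sketched as an added example (not code from the article or from any lightning implementation). It assumes the confirmed funding transaction has already been parsed into `(amount_sat, script_pubkey)` pairs and that the funding output is the 2-of-2 P2WSH script defined in BOLT 3; the function names and sample keys are constructed for illustration.

```python
import hashlib

OP_0, OP_2, OP_CHECKMULTISIG, PUSH_32, PUSH_33 = 0x00, 0x52, 0xAE, 0x20, 0x21

def funding_script_pubkey(pubkey_a: bytes, pubkey_b: bytes) -> bytes:
    """P2WSH scriptPubKey of the 2-of-2 funding output (BOLT 3 layout)."""
    for pk in (pubkey_a, pubkey_b):
        if len(pk) != 33 or pk[0] not in (0x02, 0x03):
            raise ValueError("expected a 33-byte compressed public key")
    first, second = sorted((pubkey_a, pubkey_b))  # lexicographic key order
    witness_script = (bytes([OP_2, PUSH_33]) + first + bytes([PUSH_33]) + second
                      + bytes([OP_2, OP_CHECKMULTISIG]))
    return bytes([OP_0, PUSH_32]) + hashlib.sha256(witness_script).digest()

def check_funding_output(outputs, index, expected_spk, expected_sat):
    """Return (ok, reason) for the output the funder claims opens the channel.

    outputs: list of (amount_sat, script_pubkey) taken from the confirmed
    transaction itself, never from values the peer supplied.
    """
    if not 0 <= index < len(outputs):
        return False, "output index out of range"
    amount_sat, script_pubkey = outputs[index]
    if script_pubkey != expected_spk:
        return False, "scriptPubKey mismatch"   # does not pay to the channel
    if amount_sat != expected_sat:
        return False, "amount mismatch"         # does not pay the full amount
    return True, "ok"

# Constructed sample data: placeholder keys, not real curve points.
LOCAL_KEY = b"\x02" + b"\x11" * 32
REMOTE_KEY = b"\x03" + b"\x22" * 32
PROMISED_SAT = 100_000
EXPECTED_SPK = funding_script_pubkey(LOCAL_KEY, REMOTE_KEY)

HONEST_TX = [(100_000, EXPECTED_SPK), (49_000, b"\x00\x14" + b"\xaa" * 20)]
WRONG_SCRIPT_TX = [(100_000, b"\x00\x14" + b"\xbb" * 20)]  # pays elsewhere
SHORT_AMOUNT_TX = [(1_000, EXPECTED_SPK)]                  # underfunded

if __name__ == "__main__":
    for name, tx in [("honest", HONEST_TX), ("wrong script", WRONG_SCRIPT_TX),
                     ("short amount", SHORT_AMOUNT_TX)]:
        print(name, check_funding_output(tx, 0, EXPECTED_SPK, PROMISED_SAT))
```

A node would run this once the funding transaction is seen on chain and refuse to treat the channel as usable unless the result is `ok`.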

When the vulnerability was first revealed to the public in August, Russell urged Lightning Network node operators to update their software as soon as possible. He tweeted at the time:

Friday’s announcement also stated that all major lightning software clients have already been upgraded in order to fix the vulnerability. It also revealed that the “bug” was first discovered towards the end of June, and that the companies that maintained the most popular lightning implementations were notified immediately.
