Details concerning the vulnerability discovered in bitcoin’s lightning network last month have been released by the developer who first blew the whistle.
Lightning Network Security Vulnerability
At the end of August, Australian software programmer and bitcoin lightning network coder Rusty Russell urged users to update their lightning nodes after discovering a security vulnerability.
Upgrade #lightning nodes please! c-lightning < 0.7.1, lnd < 0.7, eclair <= 0.3 vulnerable:https://t.co/4E2hHUy386
— TheRustyTwit (@rusty_twit) August 30, 2019
On Sept. 27, Russell released full details concerning the vulnerability, which involved the creation and funding of a new lightning network channel. According to the update, the recipient of a newly created channel was not required to verify the amount of funding transaction output, which created an attack vector for would-be hackers.
Russell explained,
An attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.
Lightning network developers have fixed the vulnerability in the most recent updates, but clients running older nodes are still at risk. The developers also published a tool for GitHub for users to determine if their lightning nodes are among the ones affected.
Featured Image Credit: Photo via Pixabay.com
