Australian Coder Warns Users of Lightning Network’s Vulnerabilities (#GotBitcoin?)
Australian software programmer and Bitcoin’s (BTC) Lightning Network coder Rusty Russell warned users that “security issues have been found in various Lightning projects which could cause loss of funds.”
Urgent Update Recommended
On Aug. 30, Russell published a tweet urging LN node operators to update their software as soon as possible. According to the message, his warning concerns all versions of c-lightning prior to 0.7.1, lnd older than 0.7, and eclair up to version 0.3.
Notably, just earlier this month blockchain development company Blockstream announced the release of version 0.7.2 of its BTC scalability software c-lightning.
Details To Be Released
In a PGP-signed message published on Linux Foundation’s domain, Russell explicitly warns users of security issues and promises that more details will be released in the future:
“Full details will be released in 4 weeks (2019-09-27), please upgrade well before then.”
Lightning Network is a second-layer off-chain Bitcoin scalability solution meant to enable instant and near-free BTC payments. Blockstream’s chief strategy officer Samson Mow recently said that Bitcoin is bad for payments, but Lightning Network could solve this.
As Cointelegraph reported earlier this month, Andreas Antonopoulos announced his new “Mastering Lightning Network” book, co-authored by René Pickhardt and Lightning Labs CTO Olaoluwa Osuntokun.
10,000 Nodes Are Running BTC Lightning Network In New All-Time High
The number of Bitcoin (BTC) Lightning Network (LN) nodes has reached 10,000 for the first time, according to real-time LN statistics site 1ML.
According to 1ML, the number of nodes on the LN has grown by 3.17% over the past 30 days to reach a record high of 10,003 network nodes at press time. At the same time, the number of nodes with active channels is 5,975 out of a total of 36,246 channels at press time, with just a 0.34% growth over the past month.
The LN is a second-layer blockchain protocol designed to provide high-speed transactions for Bitcoin, wherein nodes are individual payment channels between various parties allowing them to send and receive BTC between each other.
The LN State, According To LNBIG
As the person behind the LNBIG entity that controls over 40% of the Lightning Network’s capacity told industry-focused media outlet The Block, they maintain statistics of all local balances, which are hidden from public view. They explained that LN explorers cannot know who created channels and which side’s bitcoins were used.
When asked what features should be added to the LN to attract more BTC users, the speaker singled out atomic multi-path payments, which will purportedly play a big role in Bitcoin automated teller machines. “For the widespread adoption of the Lightning Network, it is important to have software that integrates the wallet with accounting,” they added.
Addressing the LN’s viability in the event that routing fees do not outperform lending rates, the individual said that it is too early to make money in the LN. As for the biggest weakness of the LN, they noted the small audience, adding:
“Other problems concern node operators, but here they are not problems of mass adoption. The infrastructure of nodes already allows for orders of magnitude more payments than now. Moreover, for this, you can not increase the capacity because the funds are distilled from one end of the channel to the other, and this process does not consume bitcoins from node operators. It’s like a circulatory system, and the body is already full of blood. It only remains for him to live an active life.”
Recent Developments Of The LN
In late August, blockchain development company Blockstream announced the release of version 0.7.2 of its scalability software c-lightning, an LN implementation that supports dynamic plugin management as well as “the upcoming signet.”
In July, the LN developers revealed a new node monitoring tool. One of the main goals of this tool is to provide a way to prevent certain network issues before they manifest. Users could purportedly also use this tool to monitor trends such as the number of channels over time, as well as which spots have the best routing fees.
Updated: 10-2-2019
Bitcoin’s LN Developer Discloses the Network’s Vulnerability
Bitcoin’s (BTC) Lightning Network (LN) developer Rusty Russell has published the full disclosure of the network’s vulnerability discovered in August, accompanied by a solution.
Russell pointed out that the vulnerability arises when a funding channel is opened. The process as described does not require the receiver to check that the funding transaction is the one the funder promised, in terms of both the amount and the actual scriptpubkey.
A scriptpubkey is the script attached to a transaction output; it sets the conditions that must be met for a receiver to spend their bitcoins. The file explains:
“A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”
A Possible Solution
Russell also proposed a solution to the aforementioned problem. Once the funding transaction is seen, peers “must check that the outpoint as described in `funding_created`[1] is a funding transaction output[2] with the amount described in `open_channel`[3].”
The file also warns that c-lightning versions 0.7.1 and above perform the process correctly, urging users to upgrade the older versions of their Lightning Nodes.
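The check quoted above, sketched as an added example (not code from c-lightning, lnd or eclair). It assumes the BOLT #3 funding output layout (a P2WSH 2-of-2 multisig over the two funding pubkeys in lexicographic order) and that the transaction was fetched from the node's own chain view using the txid from `funding_created`; the `TxOut` type, function names, keys and transactions are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

OP_0, OP_2, OP_CHECKMULTISIG = 0x00, 0x52, 0xAE
PUSH_33, PUSH_32 = 0x21, 0x20


@dataclass(frozen=True)
class TxOut:  # hypothetical minimal view of one transaction output
    value_sat: int
    script_pubkey: bytes


def funding_script_pubkey(pubkey_a: bytes, pubkey_b: bytes) -> bytes:
    """Expected P2WSH scriptPubKey of the 2-of-2 funding output."""
    for pk in (pubkey_a, pubkey_b):
        if len(pk) != 33 or pk[0] not in (0x02, 0x03):
            raise ValueError("funding pubkeys must be 33-byte compressed keys")
    first, second = sorted((pubkey_a, pubkey_b))  # lexicographic order
    witness_script = (bytes([OP_2, PUSH_33]) + first + bytes([PUSH_33]) + second
                      + bytes([OP_2, OP_CHECKMULTISIG]))
    return bytes([OP_0, PUSH_32]) + hashlib.sha256(witness_script).digest()


def check_funding_output(outputs, output_index, funding_satoshis,
                         local_pubkey, remote_pubkey):
    """Return (ok, reason) for the outpoint named in funding_created.

    outputs          -- outputs of the confirmed transaction, in order
    output_index     -- funding output index from funding_created
    funding_satoshis -- amount promised in open_channel
    """
    if not 0 <= output_index < len(outputs):
        return False, "output index out of range"
    out = outputs[output_index]
    # The output must pay to the channel's 2-of-2 script, not somewhere else.
    if out.script_pubkey != funding_script_pubkey(local_pubkey, remote_pubkey):
        return False, "scriptpubkey mismatch"
    # The output must carry exactly the amount the funder announced.
    if out.value_sat != funding_satoshis:
        return False, "amount mismatch"
    return True, "ok"


# Constructed sample data: placeholder keys and scripts, not real ones.
LOCAL_KEY = b"\x02" + b"\x11" * 32
REMOTE_KEY = b"\x03" + b"\x22" * 32
CHANNEL_SPK = funding_script_pubkey(LOCAL_KEY, REMOTE_KEY)
OTHER_SPK = bytes([OP_0, 0x14]) + b"\xaa" * 20  # pays to an unrelated key hash

HONEST_TX = [TxOut(50_000, OTHER_SPK), TxOut(1_000_000, CHANNEL_SPK)]
UNDERFUNDED_TX = [TxOut(1_000, CHANNEL_SPK)]      # right script, too little
WRONG_SCRIPT_TX = [TxOut(1_000_000, OTHER_SPK)]   # right amount, wrong script

if __name__ == "__main__":
    cases = [("honest", HONEST_TX, 1), ("underfunded", UNDERFUNDED_TX, 0),
             ("wrong script", WRONG_SCRIPT_TX, 0), ("bad index", HONEST_TX, 5)]
    for name, tx, index in cases:
        print(name, check_funding_output(tx, index, 1_000_000,
                                         LOCAL_KEY, REMOTE_KEY))
```

A node that skips either comparison treats the underfunded or wrong-script transaction as a valid channel once it reaches minimum depth, which is the condition the disclosure describes.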
On Sept. 10, Olaoluwa Osuntokun, CTO at LN-focused startups Lightning Labs and ACINQ, also claimed to have found instances of the vulnerability being exploited. In order to avoid the risk of losing funds, Osuntokun strongly advised users to update their LN versions. The affected versions included, per Osuntokun, LND nodes version 0.7 and below, c-lightning nodes version 0.7 and below, and eclair nodes version 0.3 and below, the post noted.
On Sept. 26, the number of Bitcoin’s LN nodes reached 10,000 for the first time.
As Cointelegraph previously reported, Andreas Antonopoulos announced his new “Mastering Lightning Network” book, co-authored by René Pickhardt and Lightning Labs CTO Olaoluwa Osuntokun.
Updated: 10-21-2019
Researchers Uncover Bitcoin ‘Attack’ That Could Slow or Stop Lightning Payments
The bitcoin lightning network could be vulnerable to a simple and disruptive attack, according to a recent research paper.
Written by Saar Tochner, Aviv Zohar, and Stefan Schmid, the paper describes a denial-of-service (DoS) attack that could be used to slow down or even stop a huge percentage of payments on the network. Although the behavior hasn’t been seen in the wild and lightning’s technology is still in progress, it’s considered a major flaw in the network as it stands today. The paper, entitled “Hijacking Routes in Payment Networks,” was published in mid-September.
Tochner and Zohar both hail from the Hebrew University of Jerusalem while Schmid works at the University of Vienna.
“The attack allows for a disruption of payments on the lightning network,” said Zohar.
This is possible because each lightning network payment is passed across a network of nodes in order to reach its destination. If one of these middle nodes is a bad actor it can slow the payment down rather than swiftly pass along the payment as it’s supposed to.
What’s more, it currently doesn’t take much to execute the denial of service attack, according to Zohar.
“It is extremely easy to execute. It takes opening a few lightning channels to key points, promising zero fees, and then not relaying any payments,” he said.
It’s an attack that the researchers haven’t seen in the wild, but it could potentially make the lightning payment network more difficult to use. And it’s a discovery that has gotten the attention of developers who work on bitcoin and lightning.
“I wish I had thought of the attack,” bitcoin researcher Gleb Naumenko told CoinDesk.
“The paper is very interesting, so is the analysis of the different heuristics used for path-finding, and we’re very happy to see independent researchers work on how lightning can be abused and attacked,” said lightning startup Acinq CTO Fabrice Drouin.
‘Amplified’ Denial of Service
When a user sends a payment across lightning, their app decides which path to take based on many factors, including which node requires the lowest fees.
Though there are hundreds of nodes in the lightning network, a bad actor can use this attack to make sure there’s a high probability that their node will be selected. They can do this by “analyzing how each implementation computes routes to design a strategy that enables attackers to get their nodes selected in as many routes as possible,” said Drouin.
“We can open channels that offer short and low-cost routes in the network which then are selected (almost always) for the route,” Zohar further explained.
By doing this, they can capture a significant portion of the network’s payments at a given time. “We find that just five new links are enough to draw the majority (65% – 75%) of the traffic regardless of the implementation being used,” the paper explains.
What’s more, they can do this over and over again to ensure the payment keeps getting stopped.
“Then, when a payment request comes in, we can just refuse to pass it onward. When a new path is selected […] the attacker channels are again selected for the route,” Zohar said.
As bad as the attack sounds, it hasn’t appeared in the wild – yet.
“I think the network is just not in heavy use right now and disrupting it does not cause too much damage. The attack does not directly give funds to the attacker, so the incentive will only be there if lightning is heavily used as a payment network,” Zohar said.
It should be noted that, for the attacker, such a maneuver is “not cheap,” Drouin argues, because “attackers need to open actual channels and lock funds, which will get closed and pay on-chain fees whenever a payment is locked and times out.”
Still, Zohar argues it’s “not that expensive, given the damage you do,” adding: “You’d need around 20 or so new channels to attack some 80% of all transactions, so the total cost would be around $2000.”
Stopping The Attack
Lightning developers agree this is a serious attack vector but they are optimistic that future changes will make the attack much harder.
“It’s something [that’s] hard to talk about because we are still developing the pathfinding system in LND and it’s a moving target,” said Alex Bosworth, who is the infrastructure lead at Lightning Labs.
LND is an implementation of the lightning network made by Lightning Labs. Bosworth further noted that changes are coming in fast, and that the new version of LND that just came out on Tuesday, for example, has some “major changes” that impact the routing analyzed by the researchers to come up with this attack.
“I wouldn’t say that there is any way to conclusively stop people who are trying to disrupt payments because this is a system where the peer-to-peer design means that anyone can participate and route or not route as they prefer,” he said.
‘Trampoline’ Payments
The lightning code is changing very rapidly and there are plenty of modifications still in the pipeline.
Some of these changes could make it a lot harder for bad actors to execute an attack, lightning developers argue, including a system for banning “bad” users.
“Also, as the network grows, lightning network implementations will deploy more aggressive heuristics to ban misbehaving peers … and such attacks will become more and more short-lived,” Drouin said.
“For example, we don’t just look at the cheapest fees when we compute routes, we try to select older channels, so an attacker would have to wait and behave before they can carry out the attack,” he said.
Drouin further argued that there are other improvements forthcoming including trampoline payments, a feature proposed by Blockstream lightning developer Christian Decker, who was known for independently inventing a payment channel network similar to lightning in 2015.
Lightning is supposed to be instant but behind the scenes each node in the network carrying a payment from point A to point B needs to do a little computation as it carries the data. In fact, not all lightning users have equipment that’s powerful enough to perform these calculations, thereby requiring the “trampoline” system.
The typical user in today’s network might send a bitcoin payment from a smartphone, for instance, which isn’t exactly a powerful machine. So one idea is to allow these smaller nodes to outsource computation to “trampoline” nodes that have more computational power.