The Lightning Network may be extremely vulnerable to hackers
The network used to decongest Bitcoin (BTC) transactions and reduce transaction fees may cause problems in the future because of a recently discovered vulnerability. The Lightning Network could allow attackers to drain funds from Bitcoin wallets by exploiting a bottleneck in the system, according to a study published yesterday. The paper, called “Flood & Loot: A Systemic Attack On The Lightning Network,” was written by Jona Harris and Aviv Zohar of the Hebrew University in Israel.
The study evaluated a systemic attack on the network that could allow cybercriminals to steal BTC locked in payment channels. Typically, the network is used to send funds through intermediary nodes, which can facilitate the theft of BTC. The move has to be made quickly; however, attackers can gain more time by flooding the network, which lets the attack succeed. This can be achieved by attacking 85 channels simultaneously, which is not at all impossible.
“The key idea behind Hash Time Locked Contracts (HTLC) is that after they are established, payments are ‘pulled’ by the target node from the previous node in the path by providing a secret (a preimage of a hash). Our attacker will route a payment between his own two nodes and pull the payment at the end of the path. He will refuse to cooperate when the payment is eventually pulled from the source node – forcing the victim to do so via a blockchain transaction,” said the paper. The study added that the findings were shared with the developers of the three main Lightning implementations before the report was published.
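The HTLC settlement rule quoted above can be modelled in a few lines to show why the timing of the on-chain claim matters to a forwarding node. This is an added example, not code from the paper or from any Lightning implementation; the node names A, B and C, the amounts and the block heights are constructed, and it assumes a claim confirmed at or after the expiry height loses to the sender's timeout.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class HTLC:
    """Conditional payment: the receiver claims with the preimage before
    `expiry`; from `expiry` onward the sender can take the funds back."""
    sender: str
    receiver: str
    amount: int            # satoshis (constructed value)
    payment_hash: bytes    # SHA-256 of the secret
    expiry: int            # block height of the timeout (constructed value)
    settled_to: Optional[str] = None

    def claim(self, preimage: bytes, height: int) -> bool:
        # Hash lock and time lock must both hold for the receiver to be paid.
        if (self.settled_to is None and height < self.expiry
                and hashlib.sha256(preimage).digest() == self.payment_hash):
            self.settled_to = self.receiver
        return self.settled_to == self.receiver

    def timeout(self, height: int) -> bool:
        # After expiry an unsettled HTLC returns to the sender.
        if self.settled_to is None and height >= self.expiry:
            self.settled_to = self.sender
        return self.settled_to == self.sender

def forwarder_balance_change(confirm_height: int) -> int:
    """Net change for middle node B on the route A -> B -> C when B's
    on-chain claim against A confirms at `confirm_height` (fees ignored)."""
    secret = b"constructed-secret"
    payment_hash = hashlib.sha256(secret).digest()
    incoming = HTLC("A", "B", 10_000, payment_hash, expiry=140)
    outgoing = HTLC("B", "C", 10_000, payment_hash, expiry=100)
    # C pulls the payment from B by revealing the preimage; B pays out.
    outgoing.claim(secret, height=90)
    # A does not settle off-chain, so B has to claim on the blockchain.
    if not incoming.claim(secret, confirm_height):
        incoming.timeout(confirm_height)
    paid_out = outgoing.amount if outgoing.settled_to == "C" else 0
    received = incoming.amount if incoming.settled_to == "B" else 0
    return received - paid_out

if __name__ == "__main__":
    for h in (120, 139, 140):
        print(h, forwarder_balance_change(h))
```

For a node operator, the gap between the outgoing and incoming expiry heights is the safety margin: the claim has to confirm inside it even when block space is contested.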