Lightning Network Encounters Exploit
Lightning Network, Bitcoin’s second layer solution, has seen an exploit of a known vulnerability.
Bitcoin (BTC) Lightning Network, the second-layer speed solution, may have faced an exploit leading to the loss of funds. Based on the developers’ messaging list, a known bug has been exploited already, and this may happen again unless an upgrade is implemented.
“We've confirmed instances of the CVE being exploited in the wild. If you’re not on the following versions of either of these implementations (these versions are fully patched), then you need to upgrade now to avoid the risk of funds loss,” explained the developers.
The risk is related to using outdated versions of the software required to run nodes. Using the right updated versions mitigates the risk. Node operators are urged to upgrade in the following cases:
- CVE-2019-12998 c-lightning < 0.7.1
- CVE-2019-12999 lnd < 0.7
- CVE-2019-13000 eclair <= 0.3
The Lightning Network is still considered experimental, and the amount of funds circulating between nodes is limited, to avoid more significant losses. Nodes hold only a limited amount of BTC, which is growing slowly.
To compare, a relatively small Binance hack took away 7,000 BTC, still higher than all the coins circulated within the LN.
But in the future, the second-layer network may attract more users, and lead to the potential for greater exploits. The network also allows for entities to take over nodes and channels, achieving large-scale influence in the movement of coins. A visualization of the network shows there are now more participants and interconnections, but a handful of nodes participate as relays for a large number of channels.
At this point, the usage of the Lightning network goes beyond experimental enthusiasts, as it has been integrated into mainstream products. The Stakenet wallet is one such service, promising direct access to the LN.
Even Coinbase users can partially access LN transactions, through the BitRefill service. Limited opportunities to buy LN-based BTC are also available through a debit card.
The Bitcoin network itself carries upward of 300,000 transactions on a usual day, with the occasional spike in network load.