Weaknesses Discovered In Lightning Network

A big lightning bolt with the Bitcoin symbol on it. The lightning bolt is on top of a blockchain network with nodes. On both sides of the bolt, hackers wearing hoods are typing on laptops trying to get into the network.

Two researchers at the University of Illinois have discovered weaknesses in Bitcoin’s layer-2 Lightning Network (LN). Cosimo Sguanci and Anastasios Sidiropoulos published their findings that show the LN is susceptible to “mass exit attacks” caused by a few “adversarial nodes” on the network. Sguanci and Sidiropoulos estimate hackers could steal as much as 750 BTC, approximately $18M. 

Bitcoin Lightning Network explained

It is important to understand that payment processing and transfers of Bitcoin can take anywhere from 10 minutes to several hours, depending on the amount, the hash rate and algorithmic complexity at the time. The LN is a series of payment channels that hold varying amounts of BTC. LN security is fortified by its ability to close transactions in a pre-specified time.

The researchers stated: 

“This inherent timing restriction that the LN must satisfy, make it susceptible to attacks that seek to increase the congestion on the Bitcoin blockchain, thus preventing correct protocol execution.”

Types of potential attacks

Sguanci and Sidiropoulos examine two different types of attacks that could potentially occur on the network: a zombie attack and a double spend attack. 

Zombie attack

By overwhelming some honest nodes in the network all of the nodes become unresponsive (“zombified”). The network automatically responds by locking down the funds in the channel until the issue is resolved by developers. 

Double spend attack

Using several dishonest nodes, attackers can overload Bitcoin’s main net (Layer 1) with a series of fraudulent transactions. This causes network congestion and higher fees; but if the hackers can pay the higher fees, they can skip the transaction queue, thus not validating their transaction(s). 

By not validating the transaction, the attacker can then double spend their Bitcoin, in other words, they can use the same coin for two different purchases.

Sguanci and Sidiropoulos describe the double spend attack as the most ruinous. 

Lightning Network Status

A large part of LN security is conducted by watchtowers, a third-party group of Bitcoin users who monitor transactions on the LN. The researchers wrote: 

“Ideally, [the watchtowers] should monitor layer-1 congestion and respond aggressively in the case of high congestion.”

Bitcoin maximalists like Michael Saylor have argued for the wholesale adoption of Bitcoin and commended the potential of the LN. However, zombie attacks, double-spend attacks, and other types of malice have got to be curbed to a large enough degree that the market is willing to adopt it.
The LN team also found vulnerabilities in the network a couple of years ago. Nonetheless, as of this article’s publication, there have been no successful attacks on the Bitcoin Lightning Network.

Jason Rowlett

Jason is a Web3 writer and podcaster. He hosts the BCCN3 Talk podcast and YouTube channel and has interviewed several industry leaders at global Web3 events. An active crypto investor, Jason is a HODLer and advocate for the DeFi industry. He lives in Austin, Texas, where he rows competitively.

Previous
Previous

MetaBrewery: An Interview with Holger Mannweiler about his New Web3 Brewery

Next
Next

Sanctions on Tornado Cash are Creating a New Concern for Wallets