4 Bitcoin Lightning Network Vulnerabilities

Published by Coindesk

The Chaincode Labs developer has authored multiple articles this year on Lightning Network attack vectors.

In independent Lightning developer Joost Jager's words, at the heart of these attack vectors are design trade-offs that expose "The balance between building functionality and making [Lightning] secure." Some features, such as Neutrino, have opened the door for more reliable and user-friendly mobile wallets for Lightning but have also opened up new types of attacks.

What follows is a list of some of the more worrisome attacks that could be launched on Bitcoin's Lightning Network.

Basically, an attacker could freeze bitcoin deposited in a Lightning payment channel by spamming that channel with micropayments.

In theory, the attack could be used by Lightning Service Providers, the businesses building on Lightning that manage the bulk of the network's liquidity, to sabotage a competitor's business.

This involves a "Sybil attack" on Bitcoin Lightning nodes.

If an attacker were to spin up hundreds of nodes and crowd all of a Lightning full node's connections in such a way that the victim is no longer connected to any honest users, the attacker can isolate that node from receiving real network data.

Once the attacker closes its Lightning channels with the victim, he or she could steal funds from that channel: the victim's host node is not receiving data quickly enough, so it will not see the channel's closing transaction on the blockchain.

The attack is particularly threatening against light clients because these Lightning wallets only receive blockchain data one block at a time, as opposed to a full Lightning client that always has a copy of the blockchain's transaction history.

Light clients comprise the bulk of consumer-grade Lightning Network wallets from a handful of providers such as Lightning Labs, Phoenix, Blue Wallet, and other Lightning service providers.
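From the defender's side, the two conditions described above (peers crowded out by one party, and blockchain data arriving too slowly) can be checked locally. The following is an added example, not code from the article or from any Lightning implementation; the function names, thresholds, netgroup sizes and sample peers are assumptions made for illustration.

```python
import ipaddress
import math

MEAN_BLOCK_INTERVAL = 600  # seconds; Bitcoin's target block spacing

def netgroup(ip):
    """Coarse network bucket (assumed sizes): /16 for IPv4, /32 for IPv6."""
    prefix = 16 if ipaddress.ip_address(ip).version == 4 else 32
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def peer_diversity(peer_ips):
    """Return (distinct netgroups, largest share of peers in one netgroup)."""
    counts = {}
    for ip in peer_ips:
        group = netgroup(ip)
        counts[group] = counts.get(group, 0) + 1
    return len(counts), max(counts.values()) / len(peer_ips)

def silence_probability(seconds_since_last_block):
    """P(no block for this long) if blocks arrive as a Poisson process."""
    return math.exp(-seconds_since_last_block / MEAN_BLOCK_INTERVAL)

def assess(peer_ips, tip_received_at, now, max_share=0.5, min_probability=0.001):
    """Return warnings; any warning means: fetch the chain tip from an
    independent source before trusting the local view of channel state.
    Heuristic only: peers spread over many networks pass the first check."""
    warnings = []
    groups, share = peer_diversity(peer_ips)
    if share > max_share:
        warnings.append(f"peers concentrated: {share:.0%} in one of {groups} netgroups")
    age = now - tip_received_at
    p = silence_probability(age)
    if p < min_probability:
        warnings.append(f"stale tip: P(no block for {age}s) = {p:.2e}")
    return warnings

# Constructed sample peers (documentation address ranges, not real nodes).
ECLIPSED = ["203.0.113.5", "203.0.113.77", "203.0.113.200", "203.0.113.9", "198.51.100.4"]
HEALTHY = ["203.0.113.5", "198.51.100.4", "192.0.2.10", "2001:db8::1"]

if __name__ == "__main__":
    # Last block received three hours ago, four of five peers in one netgroup.
    for line in assess(ECLIPSED, tip_received_at=0, now=3 * 3600):
        print("WARN", line)
    # Last block received 15 minutes ago, peers spread across netgroups.
    print("healthy warnings:", assess(HEALTHY, tip_received_at=0, now=900))
```

With the default `min_probability`, the stale-tip warning fires after roughly 69 minutes without a new block, so an occasional false alarm during a slow stretch of mining is expected.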
