A developer who works on the Bitcoin Lightning Network (LN) recently discovered a major attack vector that could pose a severe problem to LN users. According to Joost Jager, the scalable payment network could be easily damaged without any significant effort or cost. At the same time, Jager stated that he will work hard on presenting a solution to this problem.
In a thread on Crypto Twitter, the independent developer explained that while LN is great, it has not been tested for potential vulnerabilities. Specifically, he revealed that the discovered attacks could be followed through the Wumbo channels. The newly introduced feature allows a party comprised out of two individuals to safely and swiftly create a large transaction. Currently, regular Lightning Network channels are limited to hosting $1,760 in Bitcoin. On the other hand, Wumbo solves the issue by removing the limits nodes have.
However, Wumbo channels turned out to not be as safe as people believe. Jager believes that they can be exploited as Wumbo channels can contain no more than 483 hash and time-lock contracts despite their set capacity. In simple terms, an individual could disrupt the system by sending 483 small payments to themselves and controlling the time-lock contracts. By doing so, the channel could be disabled for two weeks.
Furthermore, the attacker could make the process even more efficient by changing certain parameters. The LN developer stated:
If the script kid is lucky, they only need to send 54 payments to get it done. A single tiny channel takes double-digit amounts of Bitcoin out of business.
He plans to solve the problem by introducing a new sort of firewall for Lightning nodes called Circuit Breaker. For now, the developer did not share any specific details regarding the mechanism of his firewall.
Bitfinex integrates Wumbo despite security issues
Upon being questioned if the Wumbo channel threat represents the biggest threat to the LN, Jager responded positively. He stated that there are other attacks that could make people lose money in even worse ways. However, he believes that the exploit he discovered is the most significant one in terms of developers not knowing how to solve it.
Recently, leading cryptocurrency exchange Bitfinex announced that it integrated Wumbo channel support to its LN nodes. While users who used the LN to send small payments will not see any difference by using this feature, Wumbo will allow users with larger portfolios to finally participate in the LN.
The Lightning Network is a scaling solution that launched for the first time in 2018. Created as a layer 2 payment protocol, the developers behind LN sought to improve Bitcoin’s scalability issues. Despite years of development, LN did not receive the adoption level many thought it would have. While the number of nodes on LN reached 10000 in 2019, the number of Bitcoin transferred through the protocol still remains low.
If you found this article interesting, here you can find more Bitcoin news