TL;DR: Lightning Network (LN) developer Olaoluwa Osuntokun revealed “We’ve confirmed instances of the CVE being exploited in the wild. If you’re not on the following versions of either of these implementations (these versions are fully patched), then you need to upgrade now to avoid risk of
Lightning Network Devs Urge “Upgrade Now to Avoid Risk of Funds Loss”
“This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs. Don’t put more money on Lightning than you’re willing to lose!” came the tweet from Lightning Labs after pointing to which versions are at risk. “We recommend updating with all versions, [as] there are always improvements and fixes,” they later clarified.
“We’d also like to remind the community that we still have limits in place on the network to mitigate widespread funds loss,” Osuntokun insisted, “and please keep that in mind when putting funds onto the network at this early stage. If you have trouble updating for whatever reason, feel free to reach out to the developers of the respective implementations referenced above.”
This follows the rather vague, cryptic missive sent out at the end of last month by yet another Lightning Network developer. “Security issues have been found in various lightning projects which could cause loss of funds,” Rusty Russell posted. “Full details will be released in 4 weeks (2019-09-27), please [upgrade] well before then,” citing the affected releases as being “CVE-2019-12998 c-lightning < 0.7.1; CVE-2019-12999 lnd < 0.7; CVE-2019-13000 eclair <= 0.3.” CVE is short for Common Vulnerabilities and Exposures.
Lightning is the supposed answer to faster, cheaper transactions associated with BTC in light of on-chain efforts succumbing to notorious scaling issues which caused a split, creating Bitcoin Cash (BCH) back in the summer of 2017. The LN project has since been beset by pushbacks and delays, so prolific as to cause its own crypto meme: 18 months — as in, LN is perpetually 18 months away from release. What does exist in the wild of LN came under fire back in June when it was discovered Lightning Labs bundled nearly a dozen trackers with its software, effectively monitoring users without permission.
DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.