New Method for Stealing Money From Lightning Network Nodes Disclosed by Square Developer

TL;DR: Square Crypto open source engineer Matthew Corallo disclosed an attack on Lightning Network (LN) nodes “discovered during a discussion about allowing LN commitment transactions to be CPFP fee bumped via anchor outputs,” according to the research group Bitcoin Optech, which amounts to “a new method for stealing money from LN nodes.”

New Method for Stealing Money From Lightning Network Nodes Discovered

The historic pattern for BTC follows a hike or surge in its speculative market price, media hype at such movement, mempool congestion as new buyers and traders pour-in, and an inevitable rise in transaction fees. For peer-to-peer electronic cash proponents, this phenomenon is enough to warrant debate about scaling and consideration of block size increases to prompt alleviation. Second layer solution Lightning Network was a key answer for the BTC developer community in trying to solve those issues.

Lighting is turning out to be less of an answer and instead is creating an entirely new crop of problems, according to recent disclosures by notable BTC developer Matt Corallo, Blockstream co-founder and one of the first hires last year by payments hardware and app Square to help the company focus on cryptocurrency. Bitcoin Operations Technology Group (Optech), founded by Wences Casares, John Pfeffer, and Chaincode Labs (of which Corallo is also an alum) noted Corallo’s posting on two mailing lists, one geared toward Lightning devs, the other BTC devs.

Lightning NetworkDuring the discussions, Corallo disclosed an “issue partly [overlapping] with an existing well-known fee management issue that has not been exploited (to our knowledge) because almost all onchain transactions relayed in the past two years confirmed relatively quickly even if they only paid the default minimum relay feerate. If feerates increase significantly for an extended period of time, these issues will become more critical,” Bitcoin Optech Newsletter #95 explained.

Furthermore, “Several solutions were considered in the thread, but all had problems or involved significant tradeoffs,” the research group noted. The disclosure comes after two new studies by scientists in Europe and the United States cast doubt on the supposed privacy benefits of Lightning Network, claiming channel balances could be easily obtained and that LN suffers from inherent design flaws.

Bitcoin Cash

CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.

DYOR: CoinSpice is your home for just spicy crypto things. We’re not affiliated with any cryptocurrency project or token. Each published piece is intended for information purposes only, not investment advice and not in the hope of impacting speculative markets. There are plenty of trading sites and coin-specific advocacy journals out there, we’re neither. CoinSpice strives for rigorous accuracy in our reporting. Information presented here is contingent usually on a host of factors, and the ecosystem moves fast — prices change, projects change, and at warp speed. Do your own research.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.