Researchers Discover Critical Vulnerability in Bitcoin Lightning Network

Researchers from the University of Illinois have described a vulnerability in Bitcoin’s most popular second-layer scaling protocol, the Lightning Network. Cosimo Sguanci and Anastasios Sidiropoulos published an academic paper describing a hypothetical attack that relies on collusion between node operators. At the time of publication, they estimated that a coalition of 30 nodes could steal 750 bitcoin (around $17 million).

For a basic explanation of the Lightning Network, read Protos’ introduction here.

The researchers explain how a malicious group controlling enough nodes can take them offline and render every channel connected to them unusable, in what they call a zombie attack.

  • A zombie attack occurs when a set of nodes becomes unresponsive, locking up the funds in every channel connected to those nodes.
  • To recover those funds, honest counterparties must force-close their channels on Bitcoin’s base layer and exit the Lightning Network, paying on-chain fees that rise sharply when many nodes try to exit at once.
  • The researchers call zombie attacks a form of vandalism: the attack makes Lightning Network channels useless and consumes Bitcoin’s limited base-layer throughput with closing transactions.

Zombie attacks have some elements in common with griefing attacks, in which a digital asset network is spammed with “nuisance” transactions or payments that are never completed.

Like griefing attacks, zombie attacks appear to serve no purpose other than to raise transaction fees and frustrate senders of legitimate payments. They also hurt honest node operators, who lose the routing fees they would otherwise earn while their capital sits locked in dead channels.

Researchers describe another Lightning Network vulnerability

The researchers also describe a second vector for attacking Bitcoin’s Lightning Network: a coordinated mass double-spend attack.

This attack also requires the cooperation of several dozen large nodes. The attackers try to overload Bitcoin’s base layer by broadcasting a flood of fraudulent closing transactions, each publishing an old, revoked state for one of a large number of Lightning Network channels. If the attackers pay high fees and their transactions are confirmed ahead of the honest responses, they can spend balances that no longer belong to them, double-spending the bitcoin.

To defend against this mass double-spend attack, honest nodes (or watchtowers acting for them) must submit so-called justice transactions (also known as penalty transactions), which contest the fraudulent closures and claim the cheating party’s funds.

The attackers would thus race the honest nodes to convince Bitcoin miners to confirm their fraudulent transactions before the justice transactions. If honest nodes could not pay miners enough to get their justice transactions confirmed first, the attackers would win.

Watchtowers are very important to Lightning Network security

The double-spend attack relies on victims running no watchtower, or a poorly maintained one. Watchtowers continuously monitor the public Bitcoin blockchain on behalf of Lightning nodes that may be offline. They store the data needed to prove that a counterparty published a revoked channel state, and use it to build and broadcast a justice transaction when that happens.

The Lightning Network Daemon (LND) includes an optional altruistic watchtower that users can run and configure manually. When an altruistic tower detects a fraudulent closure, it returns the victim’s funds without taking a cut; the only deduction is the on-chain transaction fee. LND’s developers have also planned a reward watchtower mode, in which the tower charges an additional fee for the service.

The researchers modelled the effectiveness of a mass exit attack against historical congestion on the Bitcoin network. They theorized that a mass exit attack launched during the congestion peak that began on 7 December 2017 would have had devastating effects on its victims.

Read more: Explained: Why hackers continue to exploit cross-blockchain bridges

Researchers flag problems, encourage better safety practices

The researchers conclude that both Lightning Network vulnerabilities are currently unaddressed. Of the two, a mass double-spend attack is more likely to be profitable than a zombie attack.

The paper warns that the severity of a mass double-spend attack will grow as the Lightning Network matures: victims would lose more money, channels would suffer longer delays, and the protocol’s reputation would be at risk.

As one defense, the researchers suggest increasing the to_self_delay channel parameter. That parameter sets how many blocks a party that unilaterally closes a channel must wait before it can spend its own balance, which gives the counterparty, or its watchtower, a longer window in which to respond to a fraudulent closure. The cost is that honest users also wait longer when they close a channel without any response from the counterparty.

The researchers also recommend configuring watchtowers to monitor Bitcoin’s mempool for adversarial transactions, rather than waiting for them to be confirmed in a block.
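The race described above (the attacker’s revoked commitment against the victim’s justice transaction), the watchtower’s hint-based storage, and the two mitigations the researchers propose (a longer to_self_delay and mempool monitoring) can be modelled together in a few dozen lines. The block below is an added example written for this page; it is not code from the paper or from any Lightning implementation. The fee floors, fee rates and delay values are constructed inputs, the txid is a stand-in hash of a label rather than a real transaction hash, and `simulate_breach` treats the attacker’s sweep as confirmed the moment the delay expires.

```python
"""Toy model of the breach race behind the mass double-spend attack.

A revoked commitment is broadcast with a high fee during congestion; a
watchtower must notice it and get the justice transaction confirmed before
to_self_delay blocks have passed. Constructed example, not project code.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    label: str
    fee_rate: int          # sat/vB offered to miners
    spends: tuple = ()     # txids of parents that must confirm first

    @property
    def txid(self) -> str:
        # stand-in for the double-SHA256 of a serialized transaction
        return hashlib.sha256(self.label.encode()).hexdigest()


class Watchtower:
    """Mirrors the hint-based storage model of LND's tower: the client sends a
    hint (prefix of the revoked commitment txid) and the justice tx that punishes
    it. The tower learns nothing about the channel until a matching txid appears."""

    def __init__(self, watch_mempool: bool):
        self.watch_mempool = watch_mempool   # the hardening the researchers suggest
        self.hints: dict[str, Tx] = {}

    def backup(self, revoked_commitment: Tx, justice: Tx) -> None:
        self.hints[revoked_commitment.txid[:32]] = justice   # 16-byte hint, hex

    def match(self, txs) -> list[Tx]:
        """Return justice txs for any revoked commitments found in `txs`."""
        hits = []
        for tx in txs:
            justice = self.hints.pop(tx.txid[:32], None)
            if justice is not None:
                hits.append(justice)
        return hits


def simulate_breach(fee_floors, to_self_delay, justice_fee, attacker_fee, watch_mempool):
    """Run the race block by block.

    fee_floors[h] is the minimum sat/vB a tx needs to be mined in block h
    (the congestion profile). Returns ("victim", h) if the justice tx confirms
    at height h before the delay expires, ("attacker", h) once the attacker can
    sweep, or ("unresolved", h) if the profile ends first. The attacker's sweep
    is treated as mined as soon as to_self_delay blocks have elapsed.
    """
    breach = Tx("revoked-commitment", attacker_fee)
    justice = Tx("justice", justice_fee, spends=(breach.txid,))
    tower = Watchtower(watch_mempool)
    tower.backup(breach, justice)

    mempool = [breach]               # attacker broadcasts at height 0
    confirmed: dict[str, int] = {}
    for height, floor in enumerate(fee_floors):
        if tower.watch_mempool:
            mempool.extend(tower.match(mempool))   # react before the block is mined
        mined = []
        for tx in list(mempool):
            if tx.fee_rate >= floor and all(p in confirmed for p in tx.spends):
                confirmed[tx.txid] = height
                mined.append(tx)
                mempool.remove(tx)
        if not tower.watch_mempool:
            mempool.extend(tower.match(mined))     # block-only tower reacts one step later
        if justice.txid in confirmed:
            return ("victim", height)
        if breach.txid in confirmed and height >= confirmed[breach.txid] + to_self_delay:
            return ("attacker", height)
    return ("unresolved", len(fee_floors))


# Constructed congestion profile: one cheap block, eleven expensive ones, then relief.
CONGESTION = [10] + [80] * 11 + [10] * 150


if __name__ == "__main__":
    for delay, mem in [(6, False), (144, False), (6, True)]:
        print(f"to_self_delay={delay:3d} mempool={mem!s:5} ->",
              simulate_breach(CONGESTION, delay, 40, 100, mem))
```

With the constructed profile, a block-only tower whose justice fee (40 sat/vB) is under the congestion floor loses when to_self_delay is 6 blocks and wins at height 12 when it is 144, while a mempool-watching tower gets the justice transaction into the same block as the breach and wins at height 0. Raising the justice fee above the floor, or lengthening the delay, are the two knobs the model exposes; a justice fee below even the cheapest block loses regardless of monitoring.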

The paper proposes a more detailed study of both types of mass exit attack. To their credit, the University of Illinois researchers found a previously undocumented weakness in Bitcoin’s Lightning Network, and their work should help improve the open source protocol for its thousands of node operators and millions of users.
