In brief:

  • A Square Crypto developer finds Lightning Network exploits.
  • The developer says there's no easy or "sane" fix.
  • This follows recently unearthed privacy flaws within the lightning network.

In a thread spanning both the Lightning and Bitcoin developer mailing lists, Matt Corallo, Blockstream co-founder and recent Square Crypto hire, disclosed a potential Lightning Network attack vector.

Acting as a second-layer solution to the scaling conundrum, the Lightning Network aims to improve the privacy, pace, and cost of Bitcoin transactions. However, with development still underway, a few issues are starting to crop up.

While reviewing a new aspect of the Lightning Network transaction mechanism, Corallo stumbled across an exploit that would theoretically allow users to extract funds held within a Hash Time-Locked Contract, or HTLC. HTLCs are essentially smart contracts that require payment recipients to confirm the transaction by generating cryptographic evidence of payment, or forgo the ability to claim the payment altogether. If payment isn't confirmed, the sender can claim a refund.


The attack enables recipients to prevent the sender from receiving this refund. Corallo submits several fixes for this but suggests that none are particularly easy or "sane."

Nevertheless, the developer notes that this isn't a pressing issue, as it's impractical to pull off the exploit. Still, given that only one-tenth of Lightning Network nodes hold 80% of its Bitcoin, the exploit could cause more problems than first thought.

Corallo's disclosure comes just weeks after several researchers unveiled fundamental privacy flaws within the Lightning Network. After mounting numerous attacks against the network, researchers managed to analyze transaction movements and amounts, as well as their senders and recipients.

But as Decrypt noted at the time, discovering this shortcoming early could be a good thing.
