Lightning Network users received a word of caution from the Lightning Labs development team this month after a new security vulnerability surfaced. The newly found Lightning Network bug or Common Vulnerabilities and Exposures (CVE) can result in lost funds during transactions. Now, LN-nodes need to upgrade their software to avoid any potential of lost funds.
Good Work Rusty
An Australian blockchain programmer named Rusty Russel gets the credit for discovering the issue. On August 30, he posted about the potential for lost funds via a mailing list. He even urged all nodes to do updates. In the post, Russel didn’t mention any specifics of the bug, or how hackers exploited the error. He simply cautioned users. It wasn’t long after that the main LN-developers started warning users.
Lightning Labs Announces Lightning Network Bug
ACINQ and Lightning Labs CTO, Olauluwa Osuntokun described the bug only a few days later on a Sept 10 Linux foundation post. In the post, Osuntokun explains that the vulnerability exists across all Lightning Network protocols. Specifically, all C-lightning 0.7 nodes or earlier, LND 0.7 or lower, and Eclair 0.3 or lower nodes are at risk. Osuntokun then took a moment to remind users that the Lightning Network is still in Beta testing.
The CTO confirmed that there have been multiple instances of this CVE being exploited via a Twitter post. The discovery isn’t that groundbreaking as developers continue to find bugs and tweak coding as the Lightning Network reaches its second year of Beta testing.
Risk vs Reward – Lightning Network Bug
While critics continue to point out the lengthy Beta testing period the Lightning Network endured, developers took this time to prepare the Lightning Network for large scale adoption. For many involved in the project, the Lightning Network symbolizes an evolution in the crypto space.
Discussing the lengthy Beta stage, Osuntokun spoke on the channel restrictions that are in place to prevent large scale loss during the beta testing period. Basically, don’t fund your channel with more BTC than you are prepared to lose. In this instance, no exact details were shared. As it stands now, no one is sure of the exact amount of lost funds, or for how long the hackers operated.
Nodes at Risk, Not Users
One sign of relief is that the bug only affected non-upgraded nodes and not regular wallet users. Thankfully, most major nodes tend to keep their software fully updated.
Loss of Fate – Lightning Network Bug
The Lightning Network continues to be the best option for users seeking to send micropayments across the blockchain. Over the last year, developers have pushed the boundaries of the protocol in order to better understand its capabilities. Today, the Lightning Network has a capacity of 830 BTC (around $8.5 million).
While the network experienced unprecedented expansion since the start of the year, some critics argue that the network has become more centralized than ever. In response, long time BTC programmer Andreas Antonopoulos argues that the main benefit of the Lightning Network is not its decentralized aspects but rather its trustlessness.
Beta Stage Continues
For now, Lightning Network users can take relief in the fact that developers are in no rush to see this second layer protocol officially end its Beta testing process. Users should adhere to the advice of programmers and refrain from placing large amounts of BTC onto the network until this testing is complete. In this way, you can participate in the development without risking major losses.