Lightning Network Bug Details Revealed

As previously reported, Lightning Network developers warned users of a common vulnerably and exposures (CVE) threat discovered earlier in the month. The bug allowed nefarious actors to steal channel funding from nodes. This week, developers explained exactly how the lightning network bug pulled off the heists.

Lightning Network Bug Details

Details of the inner operations of the bug came from the same Blockstream programmer who first discovered the CVE – Rusty Russell. Originally, Russell notified users via an August 30th newsletter in which he urged all nodes to update to avoid any losses.

At that time, developers kept the bug's operations out of public knowledge to avoid more thefts. This approach gave developers time to notify nodes and patch the bug.

How the lightning Network Bug Functioned

According to Russel, the bug related to the opening of new payment channels. Whenever you open a new channel on the Lightning Network, you need to fund it.

Importantly, all nodes must verify that new channels originated with a funding transaction. Herein lies the issue. Hackers would claim to open a new channel and fund it. But in reality, they wouldn't fund the channel at all, or in some instances, only partially fund the channel.

Rusty Russell on Lightning Network Bug via Twitter

The glitch allowed hackers to open these channels without verifying the funding. The actual losses showed only when the channel closed. At that time, the node's closing transaction would show invalid and the funds lost would become evident. Sadly, the hackers were able to leave before the nodes realized what happened.

Different Protocols Affected Differently

Notably, different protocols were more susceptible to attack than others. For example, the C-Lightning protocol seems to take the hardest hits. All users needed to get the 0.7.1 update or remain vulnerable. Both lnd and eclair were less affected. This is because additional circumstances had to be met for the hack to succeed in these languages.

So How Many BTC Were Lost

At this time, nobody knows the exact amount of funds stolen so far. Lightning Labs did confirm there were losses but did not elaborate on the specific amounts. The developers also urged all nodes to upgrade immediately to prevent further losses.

Lightning is Stronger than Ever

While this latest bug got Lightning Network naysayers worked into a frenzy, the fact remains that this unique second layer protocol is Bitcoin's best option to avoid scalability concerns in the future. The Lightning Network provides a reliable solution for instant, low-cost, microtransactions. These transactions are a crucial part of expanding Bitcoin’s use.

Also, developers continue to expand on Bitcoin's functionality via the Lightning Network. Just this month, FOLD released an LN-update which allows users to purchase Bitcoin directly from the platform. Now, mega exchanges like Coinbase have some competition in the sector.

Lightning Network Bug Squashed

Developers are in no rush to release the finished Lightning Network protocol. You can expect to see corrections and updates continuously as Beta testing finalizes and more users join. For now, all participants should understand that channel limits are put in place for your protection.