March 29, 2024

Lightning Network discovered the possibility of an attack on the chain of payment channels

Researchers from an Israeli university claim to have discovered a vulnerability in the Lightning Network thatallows you to steal BTC during transactions.

In a study by Jona Harris and AvivAviv Zohar from the Hebrew University of Jerusalem discovered that attackers can exploit a Lightning Network vulnerability to steal users' BTC.

Bitcoin Lightning Network – payment networksecond level, which was introduced in 2018. Researchers discovered that the attack uses a mechanism to send payments across multiple Lightning channels — Hash Locked Time-Locked Contract (HTLC). HTLCs allow participants to route payments through trustless intermediate nodes, supposedly guaranteeing that the funds will not be stolen by any of them.

Although these nodes may try to steal bitcoins,but they will have little time for this. According to the researchers, hackers may try to increase this time period. In the attack described by Harris and Zohar, “the attacker forces many victims to flood the blockchain with claims to their BTC at the same time. Then, the hacker can use the overload they created to steal bitcoins that were not claimed before the deadline. ”

</p>

For successful theft, an attacker must attack85 channels at a time. The report says that it’s pretty easy for hackers to find unsuspecting victims. Vulnerable nodes should only demonstrate a "willingness to open a channel" with the attacker.

“We found that the vast majority of active nodes (~95%) are willing to open a channel upon request and are therefore likely to fall victim to this attack,” &#8212; write the researchers.

</p>

At the same time, it is very problematic to fully defend against such an attack. The study says:

"We believe that in many ways thesevulnerabilities &#8212; integral to how the Lightning Network works and therefore the attack cannot be completely avoided without major changes to the technology itself.”

The article states that the research results were shared with the developers of the three major Lightning implementations prior to publication.

Earlier this year, university researchersNorway and Luxembourg have discovered a privacy issue in the Lightning Network. The vulnerability allows revealing the balances of the nodes through which the transaction passes.

</p></p>