Rusty Russell, one of the developers of the Bitcoin Lightning Network (LN), has published a new study about the vulnerability of the network,discovered in August. In addition, in his work, Russell proposed a solution to this problem.
According to him, vulnerability appears duringopening financing channels. An attacker can open a channel, but not pay the partner or not pay the full amount. Once the minimum transaction depth is reached, the hacker will be able to withdraw funds from this channel. Meanwhile, the victim will not immediately discover the loss of funds, but only at the moment when he requests to close the channel.
As previously reported, LN project managers have alreadyurged users to update nodes as quickly as possible. According to them, nodes using LND version below 0.7, c-lighning below version 0.7, and eclair below version 0.3.1 are most susceptible to such attacks.
In addition, Russell proposed a new solution to thisProblems. According to him, after opening the channel and conducting the transaction, partners should verify that the funding transaction output [2] matches the point described in funding_created` [1], and that the transaction amount matches the amount in open_channel [3].
Based on materialscointelegraph.com