Second Vulnerability in Bitcoin Lightning Network Discovered, Users Urged to Upgrade Immediately

Developers have discovered a new vulnerability in the Bitcoin Lightning Network node software, according to a recent publication. Lightning Network (LN) node operators who may be running versions of LND released before October 1, 2020, are asked to update their software immediately.

Revealed Details on the Vulnerability

According to the report, this vulnerability could affect all LND versions 0.10 and earlier. The report was released on October 9, 2020, by Conner Fromknecht, Protocol Engineer at Lightning Network (LN) and head of cryptographic technology at Lightning Labs. The company raised $10 million in a Series A round in May 2020 to build the next generation of sustainable, decentralized financial infrastructure.

Engineer Conner Fromknecht wrote on the Lightning Network development channel that they have no reason to believe the vulnerability is being exploited in the wild, but they urge upgrading.

However, the team noted that they discovered the vulnerability in a way that shortens the detection process. Full details of the bug will be released on October 20.

Lightning Labs also said it would soon launch a comprehensive bug bounty program, meaning there will be rewards for those who find bugs in the future.

Lightning Network Security Issues

Lightning Network is an evolving Layer 2 payment protocol that runs on top of Bitcoin, allowing faster and cheaper transactions.

This is the second time a vulnerability has surfaced in the Lightning node software. Last year, Bitcoin developer Rusty Russell discovered a separate vulnerability that allowed attackers to steal money by sending invalid transactions.

Lightning Labs never disclosed the number of users who fell victim to exploitation that year. However, Olaoluwa Osuntokun, CTO at Lightning Labs, confirmed that there had been instances of the CVE (Common Vulnerabilities and Exposures entry) “being exploited in the wild.”

These two bugs are short-term software vulnerabilities rather than security issues fundamental to Lightning’s design. Many see the Lightning Network as the most promising way to speed up Bitcoin transactions and reduce transaction fees. Big crypto companies like Bitfinex and CoinGate launched the Lightning Network with no problems in sight.

Lightning Labs, on the other hand, said the project was “at an early stage” and advised consumers not to invest in Lightning with “more than they are willing to lose.” So it’s not clear if the Lightning Network is ready for prime time.

Updating the LN Protocol

Today, Blockstream, Lightning Labs, and ACINQ are the leading organizations focused on upgrading and updating the LN protocol.

However, companies like OpenNode are continually working to improve the infrastructure needed to support Bitcoin payments. But even if we don’t use the more technical LN protocols to speed up payments, sending and receiving regular BTC payments is still quite technical for many users.