A vulnerability has been discovered in the Lightning Network, a scaling solution that aims to reduce transaction costs and increase speed in Bitcoin.
A developer working in Square’s cryptocurrency department has revealed an attack method that allows funds to be withdrawn from the Lightning Network.
According to a claim circulating on the mailing lists of Lightning Network and Bitcoin developers, Matt Corallo, a Blockstream co-founder who was recently hired by Square’s crypto department, has revealed a potential Lightning Network attack vector.
Developed as a solution to the scaling problem, the Lightning Network aims to improve privacy and speed as well as reduce transaction costs in Bitcoin. Development of the network is still ongoing, and various problems continue to surface along the way.
While looking at a new aspect of the Lightning Network, Corallo found an error that theoretically allows users to withdraw funds held in Hash Time-Locked Contracts (HTLCs). HTLCs are smart contracts under which the party receiving the payment either confirms it by producing a cryptographic proof of payment or gives up the claim to it. If the payment is not confirmed, the party sending the money can request a refund.
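The two HTLC spending paths described above, as a simplified model added here (not code from the article, from Corallo's report, or from any Lightning implementation). The class, field names, block heights and secret are constructed for illustration, and the model ignores fees, signatures and transaction confirmation.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class HTLC:
    """Toy model of one Hash Time-Locked Contract output (hypothetical names)."""
    amount_sat: int
    payment_hash: bytes   # SHA-256 of a secret preimage known to the recipient
    timeout_height: int   # block height from which the sender may refund
    state: str = "pending"

    def claim(self, preimage: bytes) -> bool:
        """Recipient path: reveal the preimage, which is the proof of payment.

        The hash path carries no expiry of its own, so it stays usable
        until the output has actually been spent by one of the two paths.
        """
        if self.state != "pending":
            return False
        if hashlib.sha256(preimage).digest() != self.payment_hash:
            return False
        self.state = "claimed"
        return True

    def refund(self, height: int) -> bool:
        """Sender path: only valid once the time lock has expired."""
        if self.state != "pending" or height < self.timeout_height:
            return False
        self.state = "refunded"
        return True


if __name__ == "__main__":
    secret = b"constructed-preimage"            # constructed sample value
    lock = hashlib.sha256(secret).digest()

    paid = HTLC(50_000, lock, timeout_height=100)
    print("early refund  :", paid.refund(height=99))    # time lock still active
    print("wrong preimage:", paid.claim(b"guess"))      # hash lock rejects it
    print("claim         :", paid.claim(secret))        # payment confirmed
    print("late refund   :", paid.refund(height=100))   # output already spent

    unpaid = HTLC(50_000, lock, timeout_height=100)
    print("refund        :", unpaid.refund(height=100)) # sender recovers funds
    print("late claim    :", unpaid.claim(secret))      # output already spent
```

The refund is not automatic: the sender only recovers the funds by spending the output through the timeout path once it becomes valid.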
Attack mechanism prevents refund
The attack mechanism allows the recipient to prevent the other party from getting the money back. Although Corallo offers several solutions to the problem, he does not claim that any of them is easy or very effective. Still, Corallo argued that the problem does not need to be solved urgently, and that it is not reasonable to fix this error right now.
Corallo’s finding recalls that some researchers discussed privacy issues on the Lightning Network a few weeks ago. After countless attacks on the network, the researchers managed to detect transactions along with their senders and receivers.