Several security vulnerabilities in the Bitcoin Lightning Network are now being exploited in the wild.
Bitcoin developers have been trying to make the world’s most popular cryptocurrency more useful for payments, with the somewhat controversial Lightning Network one of the most popular projects. However, several security vulnerabilities found in the Bitcoin Lightning Network that were revealed in late August are now active in the wild and could result in funds being lost from accounts. Olaoluwa Osuntokun, CTO at Lightning Labs, posted on the Linux Foundation website that Bitcoin Lightning Network users who have not updated their systems to the latest patched versions are at risk.
On August 30, 2019, Rusty Russell, an Australian software programmer and Bitcoin Lightning coder, tweeted out a warning that security issues had been discovered on the Lightning Network that could cause various projects to lose funds. The Lightning Network is an experimental second-layer scaling solution built on top of the Bitcoin Network for quicker fund transfers. The specifics of the vulnerability will be disclosed on 27 September, a common software security practice to both prevent bug exploitation and give developers time to patch problems. The security vulnerability appears to be related to the lightning-ready bitcoin wallet Eclair, which Russell also advised users to update.
“Security issues have been found in various Lightning projects which could cause loss of funds,” wrote software developer Rusty Russell, who authored the majority of bitcoin’s Lightning Network protocol specification, in a post shared via a Lightning Network mailing list.
Security researchers observed instances of the vulnerabilities being exploited in the wild and are warning users to immediately update to the latest patched versions. The security vulnerabilities have been patched in the latest versions: lnd v0.7.1, c-lightning v0.7.1, and eclair v0.3.1.
The vulnerabilities impact several Lightning projects in the Bitcoin Lightning Network:
• The vulnerability tracked as CVE-2019-12998 impacts lnd version 0.7 and prior.
• The vulnerability tracked as CVE-2019-12998 impacts c-lightning version 0.7 and prior.
• The vulnerability tracked as CVE-2019-12998 impacts eclair version 0.3 and below.
Bitcoin Lightning Network has released security updates that address the vulnerabilities. The vulnerabilities have been patched in the latest versions: lnd v0.7.1, c-lightning v0.7.1, and eclair v0.3.1.
Olaoluwa Osuntokun, CTO at Lightning Labs, who observed that the vulnerabilities are being exploited in the wild, has alerted the Bitcoin Lightning Network users who have not updated their systems to immediately update to the latest patched versions.
“We’d also like to remind the community that we still have limits in place on the network to mitigate widespread funds loss, and please keep that in mind when putting funds onto the network at this early stage,” said Osuntokun. The Lightning Network is a “Layer 2” payment protocol that operates on top of a blockchain-based cryptocurrency such as Bitcoin. It is designed to enable fast transactions between participating nodes.