Bitcoin Lightning Network vulnerability relating to channel opening and closing disclosed

posted 20 days ago
A Lightning Network vulnerability was recently disclosed by a Blockstream Core Tech Engineer. According to the report, an attacker can claim to open a channel but either not pay the peer or not pay the full amount. The vulnerability was reported to the most widely used implementations, Eclair and lnd, and the team decided to fix the security issues and to disclose information about them after a majority of users had upgraded to the latest release.

An initial announcement about security issues was made on August 30th, and another on Sept. 10th. The complete disclosure of the vulnerability, released on September 27th, described the problem as follows: “A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise, an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount… Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”
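
The check the disclosure calls for, as an added example (not code from the disclosure or from any of the implementations named above). It assumes the BOLT 3 funding output layout, a P2WSH of a 2-of-2 multisig over the two funding pubkeys in lexicographic order; the function names and sample keys are constructed for illustration.

```python
import hashlib

def funding_witness_script(key_a: bytes, key_b: bytes) -> bytes:
    """2 <pubkey1> <pubkey2> 2 OP_CHECKMULTISIG, keys sorted lexicographically."""
    k1, k2 = sorted((key_a, key_b))
    # 0x52 = OP_2, 0x21 = push 33 bytes, 0xae = OP_CHECKMULTISIG
    return b"\x52" + b"\x21" + k1 + b"\x21" + k2 + b"\x52\xae"

def expected_script_pubkey(key_a: bytes, key_b: bytes) -> bytes:
    """P2WSH scriptPubKey: OP_0 <sha256(witness_script)>."""
    digest = hashlib.sha256(funding_witness_script(key_a, key_b)).digest()
    return b"\x00\x20" + digest

def check_funding_output(outputs, index, funding_satoshis, local_key, remote_key):
    """Validate the funding output before treating the channel as open.

    outputs: list of (amount_sat, script_pubkey) taken from the confirmed
    funding transaction. Returns (ok, reason).
    """
    if not 0 <= index < len(outputs):
        return False, "output index out of range"
    amount, script_pubkey = outputs[index]
    if script_pubkey != expected_script_pubkey(local_key, remote_key):
        return False, "script mismatch"      # peer did not pay to the channel
    if amount != funding_satoshis:
        return False, "amount mismatch"      # peer did not pay the full amount
    return True, "ok"

# Constructed 33-byte placeholders standing in for compressed public keys.
LOCAL_KEY = b"\x02" + b"\x11" * 32
REMOTE_KEY = b"\x03" + b"\x22" * 32

if __name__ == "__main__":
    good = expected_script_pubkey(LOCAL_KEY, REMOTE_KEY)
    unrelated = b"\x00\x14" + b"\xaa" * 20   # constructed P2WPKH-style output
    cases = {
        "honest": ([(100_000, good)], 0),
        "wrong script": ([(100_000, unrelated)], 0),
        "underpaid": ([(10_000, good)], 0),
    }
    for name, (outs, idx) in cases.items():
        print(name, check_funding_output(outs, idx, 100_000, LOCAL_KEY, REMOTE_KEY))
```

Both comparisons have to pass before the node counts confirmations toward the minimum depth; a node that skips them only learns of the mismatch when its commitment or mutual close transactions turn out to be invalid.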
Tags: bitcoin, news