How secure is the Lightning Network?

Bitcoin Lightning

Researchers Cosimo Sguanci and Anastasios Sidiropoulos have published their investigations into the potential attack vectors of the Bitcoin Lightning Network.

The paper takes a closer look at how malicious actors might be able to exploit network vulnerabilities to work around them or even tamper with them.

The two attacks are the so-called “zombie attack” and the “mass double spending attack”.

The Lightning Network allows the relatively slow Bitcoin blockchain to process payments quickly and keep them secure. It achieves higher transaction speeds by connecting users directly on the network through payment channels.

The first and last transaction is sent to the Bitcoin blockchain. All other transactions between them are processed by the Lightning Network outside the Bitcoin blockchain. The number of nodes is critical to the health of the Lightning Network.

How do attacks work?

In “Zombie Attack” some nodes are closed, making the coins currently in the payment channel inaccessible. The researchers’ paper talks about a form of sabotage.

The damage that can result from this is limited. For users sending legitimate payments, such an attack would only be frustrating due to the increase in transaction fees, but not fatal.

The “mass double spending attack” may be familiar to some readers. For example, if a malicious actor is able to control 51 percent of computing power on the Proof of Work blockchain, they can process transactions and send (spend) money multiple times.

However, what would be very expensive on the Bitcoin blockchain may be easier on the Lightning Network, according to the research. In principle, it is possible to bombard the Bitcoin blockchain with fraudulent transactions.

See also  Apple will have to accept alternative payments on dating apps

Remember: only the first and last transaction is sent on the Lightning Network. Pooling master nodes can send an unlimited flood of fraudulent transactions onto the blockchain.

If these nodes pay more validation fees than legitimate transactions, they will be able to skip the queue and send fake transactions. The consequences will be fatal.

double spending problem

When asked, Bitcoin Lightning developer Rene Pickhardt explained that he had already dealt with this type of double-spending attack a few years ago. Draw attention to this in an email to other developers.

Such an attack could be more serious on the Lightning Network than on the main chain. With the latter, it is actually possible to use your money only twice. However, on the Lightning Network, as long as the payment channels are sufficient, attackers can steal a seemingly random amount of money, Beckhardt said.

Can attacks be defended?

Of course, the Lightning Network is not equipped without security mechanisms. This protection is provided by the so-called watchtowers, which record the state of the network and, with the support of honest nodes, are able to identify dishonest transactions. These watchtowers must sometimes fail for such a massive double-spending attack to succeed.

Researchers at the University of Illinois were able to engineer such an attack using past congestion data on the Bitcoin blockchain. They concluded that such an attack during the backlog of transactions would have had devastating results.

In his original assessment, Beckhardt stated that he saw no way to prevent such an attack. The researchers also summarized in their work that the vulnerabilities remain unresolved to this day. They recommend improving existing security structures and strict protection against congestion on the main chain.

See also  Android apps for Windows 11: the subsystem will be launched in other countries

Another paper looking at more accurate modeling of attacks, taking into account transaction fees, is planned.

Do you want to buy cryptocurrency?

eToro offers investors, from novices to experts, a comprehensive crypto trading experience on a powerful and easy-to-use platform. We took a closer look at eToro.

To review the eToro

Leave a Reply

Your email address will not be published. Required fields are marked *