On September 18, a Redditor published a post on the r/bitcoin forum explaining how he discovered a way to “attack [the] Lightning Network’s custodial services.” The Reddit account, called “Reckless Satoshi,” wanted to find out if a “discrepancy between real routing fees and the service’s transaction fee could be exploited for profit.” The researcher said he wanted to see how big the damage could be and said, “It’s bad.”
6 Lightning Network Custodial Services Attacked, Researcher Reports to Offending Services Prior to Disclosure
A Redditor named Reckless Satoshi published a disclosure post on r/bitcoin last Saturday, revealing how he found a vulnerability involving routing fees at some of the Lightning Network’s custodial services. The research attack was conducted in good faith, and after it was completed he reported the errors to the offending services before publishing his results. Reckless Satoshi used the Lightning Network (LN) attack on six different services, including Bitfinex, Muun, Okex, Lnmarkets, Southxchange and Walletofsatoshi.
Reckless Satoshi said the attack was “cheap but not free” and a “simple attack.” After funds are deposited into the custodial services, Reckless Satoshi uses “a node that forwards payments between the custodian and the receiving node.”
“If a positive net return is possible, all that needs to be done is tweak the size of the fee charged and the transaction speed to see how big the damage could be,” added Reckless Satoshi. “It’s easy to see how this attack must be feasible on any service [with a] free withdrawal fee.”
Reckless Satoshi also published his attack on the code repository site GitHub. After explaining how to place a node in the middle, the researcher added:
This is one of the simplest attacks. Actually the only LN attack I can think of, but I’m also just a newbie to the learning curve. I assume there are people out there who are much better able to do this research. Who knows, there may have been significant losses in the past that have not been disclosed.
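One way a custodial service could guard against the fee mismatch described above, shown as an added example (not code from Reckless Satoshi’s repository or from any of the services named): compute what a route will cost with the standard Lightning per-hop fee formula (base fee plus a parts-per-million share of the forwarded amount), refuse payouts whose routing cost exceeds the fee charged to the user, and track per-account losses. The class, function names, account labels and fee values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HopPolicy:
    """Fee policy a forwarding node advertises (names here are illustrative)."""
    base_msat: int  # flat fee per forwarded payment, in millisatoshi
    ppm: int        # proportional fee, parts per million of the forwarded amount

def route_fee_msat(amount_msat, forwarding_policies):
    """Total routing fee the sender pays for delivering amount_msat.

    forwarding_policies is ordered sender -> receiver and lists only the
    intermediate nodes. Fees are accumulated backwards from the receiver,
    because each node charges on the amount it forwards onward.
    """
    forwarded = amount_msat
    for p in reversed(forwarding_policies):
        forwarded += p.base_msat + forwarded * p.ppm // 1_000_000
    return forwarded - amount_msat

def check_withdrawal(amount_msat, charged_fee_msat, forwarding_policies):
    """Allow the payout only if the fee charged to the user covers routing."""
    routing = route_fee_msat(amount_msat, forwarding_policies)
    loss = max(0, routing - charged_fee_msat)
    return {"routing_fee_msat": routing, "loss_msat": loss, "allow": loss == 0}

def accounts_over_loss_budget(withdrawals, budget_msat):
    """Detection side: sum per-account losses over settled withdrawals."""
    totals = {}
    for account, amount, charged, policies in withdrawals:
        result = check_withdrawal(amount, charged, policies)
        totals[account] = totals.get(account, 0) + result["loss_msat"]
    return sorted(a for a, loss in totals.items() if loss > budget_msat)

# Constructed sample data: three withdrawals from two hypothetical accounts.
CHEAP = [HopPolicy(base_msat=1_000, ppm=1)]
COSTLY = [HopPolicy(base_msat=1_000, ppm=100), HopPolicy(base_msat=0, ppm=5_000)]
SAMPLE = [
    ("acct-1", 1_000_000_000, 10_000, CHEAP),   # fee charged covers routing
    ("acct-2", 1_000_000_000, 0, COSTLY),       # free withdrawal, expensive route
    ("acct-2", 1_000_000_000, 0, COSTLY),
]

if __name__ == "__main__":
    for account, amount, charged, policies in SAMPLE:
        print(account, check_withdrawal(amount, charged, policies))
    print("over budget:", accounts_over_loss_budget(SAMPLE, 5_000_000))
```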
The total value of the Lightning Network is $112 million, up over 100% since the end of July
Visitors who read Reckless Satoshi’s forum thread thanked him for doing the research and reporting the bugs to certain custodial LN providers. “I’m glad to see that people aren’t just hacking/exploiting the system for malicious purposes or making a quick profit from it,” wrote one person in response to the reveal. Additionally, a number of Redditors discussing Reckless Satoshi’s findings argued over what to call the attack.
At the time of writing, the Lightning Network’s total value locked (TVL) is down 9.3% in the past 24 hours. However, since July 20, 2021, the LN TVL has jumped over 100%, from $56 million that day to today’s $112 million (over 2,600 BTC). Much of the 9.3% decline in LN TVL is due to the recent collapse of the crypto market on Monday morning, September 20, as the crypto economy lost 9% in value over the past 24 hours.