Researchers on the College of Illinois have found vulnerabilities within the Bitcoin (BTC) Lightning Community that would end result within the theft of 750 BTCs (roughly $18 million).
The 2 researchers, Cosimo Sguanci and Anastasios Sidiropoulos, printed a paper the place they defined the vulnerability within the Layer 2 community utilizing a hypothetical case the place malicious nodes can collude for an assault.
“A coalition of simply 30 nodes may lock the funds of 31% of the channels for about 2 months through a zombie assault, and will steal greater than 750 BTC through a mass double-spend assault.”
Zombie assault
In line with the paper, a zombie assault is a type of vandalism that congests the community and make the lightning community unusable.
A zombie assault is a state of affairs the place some nodes are unresponsive, thereby locking funds related to those nodes.
The paper acknowledged that the one option to defend towards this assault can be for the sincere nodes to shut their channel and return to the Bitcoin Layer 1 community. However that may price rather a lot in transaction charges.
Double spend assault
One other sort of mass exit assault found by the researchers is the double-spend assault. The assault would require the cooperation of a number of malicious nodes to overload the Bitcoin Layer 1 blockchain with fraudulent closing transactions.
If the attackers pays the excessive charges ensuing from the community congestion, they’ll be capable of skip the queue and double spend Bitcoin.
However this assault is just potential when there’s a flaw within the configuration of one of many Lightning Networks watchtowers.
Watchtowers function
The watchtowers hold observe of the state of the Lightning Community and retailer all information used for normal transactions, additionally known as justice transactions.
Sincere nodes must submit justice transactions to dispute the fraudulent requests, so if all watchtowers are working successfully, it’s straightforward to establish fraudulent channel closing requests.
A poorly maintained watchtower can present the right entry level for a mass double-spend assault, which may considerably have an effect on the victims.
A double spend assault can be disastrous for the community
The researchers wrote {that a} double-spend assault might be probably the most catastrophic if it occurs.
They added that the severity would solely improve because the community continues to develop, therefore the necessity to take care of the vulnerabilities successfully and instantly.
They concluded by recommending the cautious configuration of watchtowers. “Ideally, they need to monitor layer-1 congestion and reply aggressively within the case of excessive congestion,” the paper famous.
The brand new revelation additional provides to the record of different vulnerabilities on the community, comparable to a Griefing assault, Flood and loot, time dilation eclipse, and pinning.
In the meantime, regardless of these vulnerabilities, malicious gamers have been unable to use the community.
