- After a critical bug in the code of the Bitcoin Lightning Network was discovered at the end of June, the details of the bug became public yesterday.
- The attackers were able to open a payment channel with a “fake” transaction and then steal the Bitcoin from their peers.
At the end of August, the Australian Bitcoin developer Rusty Russell discovered a vulnerability within the Bitcoin Lightning network and drew attention to it. He warned the Bitcoin community that the bug in the Lightning Network could lead to a loss of Bitcoin (BTC). Accordingly, Russell urged all node operators to update their software versions.
Yesterday further details about the bug became public, how the vulnerability could be exploited by a hacker. In a statement, Russell described in detail how the hackers managed to exploit the bug and steal BTC.
To open a payment channel within the Lightning network, an opening transaction is required to activate the payment channel. The Lightning Node, which accepts a channel, must therefore first verify that the first transaction for the proposed channel was actually made. Otherwise, an attacker can claim to open a channel, but either not pay the peer or not pay the full amount.
After creating the payment channel, the honest users sent BTC to the attacker without knowing that the previous transaction was fake. The victims did not notice the scam until they closed the channel because the closing transactions were invalid. However, it remains unclear how many users were victims of such attacks.
It was also made public that different Lightning clients were affected in different ways. While C-Lightning could exploit the bug very easily, Ind and Eclair needed special circumstances to exploit the bug. On the positive side, however, the bug in each client was fixed very quickly. After the bug was discovered on June 27th and the developers were notified, Ind released a patch on July 2nd, Eclair on July 3rd and C-Lightning on July 4th.
Understanding the issue: How does the Lightning Network work?
The Lightning Network is a layer-2-payment protocol that enables lightning fast and almost free transactions on the Bitcoin blockchain. To use it, users must open so-called “payment channels” in order to send and receive Bitcoin. The transactions are processed “off-chain”. This means that not every single transaction has to be verified by the miner and therefore not written into the Bitcoin blockchain.
For this to work, a multi-signature wallet must be installed by the users. Before a payment channel can be opened, the wallet addresses of the users are stored in the Bitcoin blockchain, including a balance of how much Bitcoin belongs to each user within that payment channel.
Once the payment channel has been opened, all users of the payment channel can make an unlimited number of transactions. Each transaction only needs to be signed and confirmed by both parties. An updated balance is then compiled of how much Bitcoin belongs to each individual wallet. The updated balance will only be uploaded to the BTC blockchain when both parties close the payment channel.
Due to this architecture, the attackers were able to open a “fake” channel as a result of the bug and then obtain BTC payments by fraud.