- The researchers revealed a major vulnerability of the Lightning Network.
- The attack is fairly easy to implement, both technically and financially.
A new vulnerability discovered in the Lightning Network. The cost of the attack does not exceed $2000.
Researchers discovered that the Lightning Network is vulnerable to DoS attacks. At this stage, they are very easy to implement, and may result in slowing down or even stopping 80% of all transactions, they warned.
The vulnerability was described by Saar Tochner, Aviv Zohar (Hebrew University of Jerusalem) and Stefan Schmid (University of Vienna).
“This paper identified a novel attack on off-chain networks which introduces an interesting tradeoff both for an attacker as well as the rational defender. We have demonstrated the feasibility of this attack on different networks and provided the first analysis,” they wrote.
Lightning payment passes through a network of nodes before it is received by the recipient. If one of the nodes belongs to an attacker, it may slow down the payment processing. For a successful attack, it is allegedly necessary to open several payment channels, promise zero commissions and then fail to transfer payments.
By analyzing the principle of payment routing of different Lightning clients, an attacker can make his nodes more attractive, and thus ensuring that payments are cleared with them.
According to the estimates, the cost of an attack on 80% of all transactions will be $2000, the bad guys will have to install about 20 payment channels.
“We find that by creating 5 new channels, an attacker can hijack about 65% of the routs, and with 30 channels, it can hijack 80% of the routs of every implementation.
It is a rather dangerous attack, according to Lightning Labs developer Alex Bosworth. However, the routing system in the LND client is constantly changing, making it a “moving target.”
Share
