Lightning Network DDoS Sends 20% of Nodes Down

Lightning Network (LN) nodes faced a Distributed Denial of Service (DDoS) attack yesterday that sent offline around 200 nodes, down from around 1,050 to 870.

“Lightning nodes are getting DDOS’ed, rumor is that someone from the 2x effort known as “BitPico” has taken credit for this.

The Lightning services I’ve deployed have been attacked from the start, with botnets, etc. Deploying in adversarial conditions, decentralization is hard,” Alex Bosworth, an LN apps developer, says.

It’s unclear who Bitpico is. A twitter account with that name says they are bullish on bitcoin and are working on LN. Further tweets suggest they are hostile to Bitcoin Cash.

There are reports, however, they wanted to minority chain-split fork bitcoin to segwit2x despite it being cancelled off late last year.

A lightning network node runner going by the handle of tyzbit says his node experienced increased activity that sent his node offline:

“I noticed it on my node. I think it stopped my lnd once? Either way, my node’s load just spiked a little high a couple times, and part of my problem was leaving my screen on the terminal with lnd logs spitting to stdout at DEBUG level which greatly intensified the effects on my node. Once I stopped displaying logs to no one, my node started humming along again, DoS or not.

You can pretty clearly see when I got hit and then when I switched my screen to something else that doesn’t make so many tty updates.”

The exploit is basically using as many node connections as possible so as to prevent any new connections, with potential solutions being to limit the number of connections per IP.

Public networks, however, can not easily resist DDoS attacks, with the best defense often being as many nodes as possible.

Currently, LN has a fairly limited number because although the network has launched on main-net, it is mainly usable only by developers.

A Graphical User Interface (GUI), such as a wallet, is still lacking, with the network having few channels at this stage. Suggesting it has only a small number of users.

But the attack does show that the Lightning Network is still a very new protocol and relatively simple aspects, such as limiting connections, have not yet been refined.

Bugs and exploits, therefore, should be expected, as is the case with any just launched new open source protocol especially where money is involved.

With time alone thus showing just how secure it is, because undoubtedly there will be many hackers peering over every little aspect of it for some of that bounty.