New Lightning Network Security Vulnerability May Cause Loss of Funds – Trustnodes

New Lightning Network Security Vulnerability May Cause Loss of Funds


Lightning Network Abstract

“Security issues have been found in various lightning projects which could cause loss of funds.”

So says Rusty Russell, a developer of bitcoin’s Lightning Network, without revealing any detail regarding the problem.

Instead he says “full details will be released in 4 weeks,” presumably so that the vulnerability is not exploited in the meantime.

He urges all those running the Lightning Network (LN) to upgrade, publicly stating:

“Everyone should probably have upgraded a while ago, but just to be sure: c-lightning < 0.7.1, lnd < 0.7, eclair <= 0.3 vulnerable.”

Three Common Vulnerabilities and Exposures (CVE) have been reserved. One of them says:

“This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.”

A new LN client version was released recently, with this vulnerability apparently not applying to this new client:

It isn’t very clear what exactly is going on, but there seems to be some problem with older LN nodes. Will update if further details become available.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>