New Lightning Network Security Vulnerability May Cause Loss of Funds – Trustnodes

New Lightning Network Security Vulnerability May Cause Loss of Funds

0

Lightning Network Abstract

“Security issues have been found in various lightning projects which could cause loss of funds.”

So says Rusty Russell, a developer of bitcoin’s Lightning Network, without revealing any detail regarding the problem.

Instead he says “full details will be released in 4 weeks,” presumably so that the vulnerability is not exploited in the meantime.

He urges all those running the Lightning Network (LN) to upgrade, publicly stating:

“Everyone should probably have upgraded a while ago, but just to be sure: c-lightning < 0.7.1, lnd < 0.7, eclair <= 0.3 vulnerable.”

Three Common Vulnerabilities and Exposures (CVE) have been reserved. One of them says:

“This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.”

A new LN client version was released recently, with this vulnerability apparently not applying to this new client:

It isn’t very clear what exactly is going on, but there seems to be some problem with older LN nodes. Will update if further details become available.

Copyrights Trustnodes.com

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments