Bitcoin developer Antoine Riard has disclosed two new bugs that affect wealthy node operators within the Lightning Network, a payments protocol with over $500 million worth of BTC capacity.

The transaction jamming attack exploits Bitcoin Core software’s transaction selection, announcement, and propagation mechanisms of Lightning Network-connected Bitcoin full nodes.

Dubbed “transaction relay throughput overflow attacks,” the bugs allow an assailant to steal bitcoin (BTC) from the wealthiest Lightning nodes. Although there’s no evidence that a thief has actually exploited these bugs, Lightning implementation providers Éclair and Core Lightning are already working on software patches.

Specifically, the cost- and time-intensive attack is only worth the effort for victims with more than roughly $130,000 worth of BTC and is best suited for nodes holding above half a million dollars.

Bitcoin Lightning transaction relay throughput overflow attacks

The attack would enable a thief to steal funds from the victim’s Lightning channel by preventing time-sensitive transactions such as justice transactions from propagating through the network. After jamming the node for 32 Bitcoin blocks (Core Lightning defaults) or 140 blocks (Éclair defaults), the robber could make off with an irrevocable bounty.

In regular clock time, that would mean approximately 5.5 hours to steal from a default Core Lightning node or 24 hours for a node running Éclair default software.

By default, nodes limit the number of unconfirmed transactions they transmit or accept at any given time to reduce the chance of various denial-of-service (DoS) attacks. The attacker can conduct a high overflow jamming attack that blocks the victim from sending a justice transaction by continuously overwhelming the node with high fee rate transactions. 

By default, a Bitcoin Core node will always choose to propagate the highest fee transactions first and queue lower fee transactions — even if one of those lower fee transactions is the nodes’ own Lightning Network justice transaction.

This is one bug that Core Lightning and Éclair are patching, thanks to Riard’s responsible disclosure.

Again, the high overflow jamming attack blocks the victim from sending an anti-theft transaction by continuously overbidding with higher fee transactions, hence the name “high overflow.”

For this reason, the attack is expensive — with initial estimates north of $130,000 throughout the hours of the attack.

In addition to this high overflow jamming attack, Riard explained another variation of the transaction jamming bug: low overflow.

A variation with thousands of low-fee transactions

The low overflow is a cheaper variant but less reliable for the attacker. Here, to save money, the attacker targets a victim trying to send a transaction to nodes with a maximum unrequested transactions queue of 5,000 per peer.

The attacker floods the victim with a large number of transactions using a minimum transaction fee rate. The victim then announces these transactions to its peers and the peers try to drain the queue by requesting those transactions. If the attacker can maintain a queue of over 5,000 transactions, the attack might be successful. 

Technically speaking, the low overflow attack leverages Lightning nodes’ interaction with Bitcoin Core’s MAX_PEER_TX_ANNOUNCEMENTS default, causing inbound transactions to overflow this threshold.

Read more: New Bitcoin Lightning Network bug: Unattributed payment routing

Patching the bug

Riard proposed several mitigations for Lightning Network node software implementations. These providers are working on patches, including random transaction rebroadcasting, more aggressive fee-rebroadcasting, limitation of identical finality time-sensitive transactions, and over-provisioning of transaction relay throughput with peer nodes.

He also proposed changes to Bitcoin Core itself to assist Lightning Network operators. However, changes to Bitcoin Core typically take far longer and need more reviews than Lightning software implementations.

Riard’s Critical Vulnerability Error (CVE) request number 178025 is tracking bug patches of his high and low transaction relay throughput overflow attacks.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Bitcoin Lightning bug could jam and steal millions of dollars appeared first on Protos.

Kraken has ended a privacy and cost-saving feature for some of its customers. Since April 2022, the crypto exchange had supported withdrawals into Bitcoin’s most popular ‘layer 2,’ the Lightning Network. However, as of September 10, Kraken has discontinued support for Lightning withdrawals in Germany.

In its list of acceptable address types for BTC withdrawals, Kraken has removed the ‘lnbc’ prefix from its list of supported assets for German customers. That confirms Kraken’s denial of Lightning withdrawals, yet Kraken never published a dedicated statement in plain English about disabling its Lightning Network support in Germany.

In response to a single customer inquiry, a support agent at Kraken attributed the removal to “regulatory issues,” offering a consolation, “as soon as we are able to bring back the service, we will.”

The Lightning Network is a mesh network of users who maintain ‘bar tab’-like ledgers of off-blockchain BTC transactions. It can process approximately 5,200 BTC and boasts faster, cheaper transaction times.

Importantly, by moving transactions off Bitcoin’s blockchain, many German customers used the Lightning Network for its privacy features.

Aside from Germany, Kraken is also wrestling with legal issues in its home country. The SEC is suing Kraken for operating an allegedly unregistered securities exchange. That lawsuit is quickly advancing toward jury trial in California.

A spokesperson for Kraken provided the following clarification regarding the incident. “After investigation of the issue, we found that Kraken Support incorrectly cited regulatory changes as the reason for halting Lightning support in the German market. The change of service for German clients wanting to use Lightning is the result of technical changes. While we always strive to provide the best and most innovative services to our clients, we unfortunately sometimes have to make tough decisions to ensure we can offer a reliable and secure platform for as many clients in Germany as possible.”

Update 21:41 UTC, Sept 14: Added quote from Kraken spokesperson.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Kraken drops Lightning Network in Germany for ‘regulatory issues’ appeared first on Protos.

Depending on which lawyer you ask, it might be perfectly legal or a crime to operate a Bitcoin Lightning node. But this area of the law has nothing to do with securities or the SEC. Rather, Bitcoin’s Lightning Network may be subject to 18 U.S. Code § 1960, the Prohibition of Unlicensed Money Transmitting Businesses.

Bitcoin is a commodity, so operators of regular Bitcoin nodes — which don’t earn fees for validating transactions — aren’t subject to the jurisdiction of the US Securities and Exchange Commission (SEC).

Instead, the US Commodity Futures Trading Commission (CFTC) oversees any trading of Bitcoin futures or derivatives. Sure, the SEC regulates any securitized products involving bitcoin, such as mining companies and ETFs, but otherwise leaves the network alone.

In contrast to Bitcoin nodes, however, the Lightning Network uses entirely different software. Importantly, most Lightning node operators earn fees for routing transactions. This makes their labor quite distinct from the voluntary, unpaid labor of regular Bitcoin nodes.

For context, the Lightning Network is a mesh network of users sending and receiving bitcoin off-blockchain via ‘bar tab’-like payment channels. With just one opening and closing transaction on Bitcoin’s regular blockchain, Lightning network users can route unlimited bitcoin through Lightning nodes within seconds and for minimal cost. Lightning sacrifices Bitcoin’s absolute security and decentralization for the cheap, fast convenience for this experience.

The crime of unlicensed money transmission

According to US law, it’s a crime punishable by up to five years in prison to knowingly control or manage an unlicensed money transmitting business. A money transmitting business ‘affects interstate or foreign commerce… by transferring funds on behalf of the public by any and all means.’

This includes any person who, without a license, ‘engages as a business in the transmission of currency, funds, or value that substitutes for currency, including any person who engages as a business in an informal money transfer system or any network of people who engage as a business in facilitating the transfer of money domestically or internationally outside of the conventional financial institutions system.’

There are a few key phrases in that definition, such as ‘business’ and ‘on behalf of the public.’ However, the final sentence is frighteningly clear.

For Bitcoin Lightning node operators, however, it’s not a great definition.

Lightning node operators seemingly engage with one another as a business. Legally defined, a business is ‘an enterprise that is carried on for profit or financial gain.’ Lightning routing node operators connect to one another in order to facilitate the movement of bitcoin for a fee.

They also seemingly transfer money ‘outside of the conventional financial institutions system.’

So, are Lightning node operators illegal money transmitters? Is operating a routing node a federal crime?

Disagreement on whether Lightning nodes are illegal

Well, lawyers disagree on a couple of words here. Specifically, most lawyers disagree on the legal intent of ‘business’ and ‘money.’

It’s unclear whether Lightning node operators, even when coordinating with one another to profitably route payments, are meaningfully a ‘business’ as Congress intended. 

Similarly, it’s unclear whether Congress intended ‘money’ to encompass bitcoin, which possesses some characteristics of money — store of value, medium of exchange, standard of value, unit of account, etc. — but has more historical volatility than most conventional currencies.

Another important phrase is ‘on behalf of the public.’ Is the Lightning network really a public service, or more a niche for enthusiasts?

Read more: LND Onion Bomb: Another Lightning Network bug put users’ bitcoin at risk

Must money transmitters control funds?

Lastly, many lawyers disagree on a contentious quality of money transmission: control of funds. According to many pro-crypto lawyers and even a couple of senators, money transmitters must have control of funds in order to engage in the business of transmitting funds on behalf of the public.

If true, this would probably exempt Lightning routing nodes from the licensing requirements of money transmission, as Lightning nodes never possess nor control bitcoin (except the one-way control to route a payment along a user-specified path).

However, the US Justice Department (DoJ) wholeheartedly disagrees that the law requires money transmitters to control funds. In a court filing, the DoJ explained its view: “That ‘control’ is a prerequisite for any money transmitting business is legally baseless, contrary to the plain text of the statute.” 

The DoJ continued, “Under the ordinary meaning of the word ‘transfer,’ there is no requirement that the transferer exercise control over the funds being transferred… If Congress had intended that control of the funds was a requirement, it could have said as much in the plain text of the statute. It did not.”

Disagreement between pro-crypto lawyers and the DoJ on the control of funds aspect of money transmission continues today. The DoJ is actively litigating criminal counts against defendants like the Tornado Cash and Samourai co-founders that depend on Congress not intending to include control of funds in money transmission statutes. The outcome of this disagreement will certainly be fascinating.

No legal clarity for Bitcoin’s Lightning Network

In any case, it’s unfortunate for fans of Bitcoin’s Lightning Network that users don’t have legal clarity. Ask a dozen lawyers whether a Lightning routing node operator is a member of an illegal money transmitting business, and you will receive a dozen nuanced responses, occasionally in opposition to other counsel.

Unlike Bitcoin’s commodity blockchain and network of volunteer nodes, the Lightning Network’s fee-earning routers might have a different legal classification.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Is it illegal to operate a Bitcoin Lightning node? appeared first on Protos.

Burak, the developer who hacked Bitcoins Lightning Network with a 998-of-999 multi-signature Taproot transaction, has created a new Bitcoin layer 2. It has no proprietary token and does not require any fork.

It’s dubbed ‘Brollups’ — a portmanteau of either ‘Burak’ and ‘rollup’ or ‘bro’ and ‘rollup.’ 

A rollup is a bundle of transactions that occur off-blockchain. They’re ‘rolled-up’ into a consolidated file and mined on-chain. Also known as a ‘layer 2,’ they’re essentially separate blockchains that borrow security and value from a base, ‘layer 1’ blockchain like Bitcoin.

Brollups don’t require a fork of Bitcoin’s consensus code. This is notable because Burak has received donations for his work on a separate layer 2 that would require a Bitcoin fork: Ark. In particular, Ark’s Virtual Transaction Output (VTXO) tree requires an on-chain covenant to pre-determine transaction trees. 

In contrast, Brollups don’t rely on covenant operation codes like CheckTemplateVerify or TransactionHash in Bitcoin Core software.

Burak launches new Bitcoin layer 2

Burak earned a bit of notoriety as a Bitcoin developer on October 9, 2022. He broke LND, the most popular implementation of Bitcoin’s most popular layer 2, Lightning. The achievement wasn’t malicious, and he didn’t steal any money from the stunt. Instead, he simply exposed another unintended consequence of Taproot, one of Bitcoin’s most complicated and counterintuitive software upgrades.

During the initial days of marketing Taproot, many proponents advertised its ability to enable smart contracts on Bitcoin and otherwise deprecate features of Ethereum. In reality, less than 2% of Bitcoin transactions utilized Taproot until Casey Rodarmor launched his NFT and token platform Ordinals.

By May 7, 2023, approximately four months since the launch of Ordinals, over three-quarters of Bitcoin transactions utilized Taproot.

By revealing the unintended consequences of Taproot, Burak became a notorious developer. As it turns out, Taproot allowed a hacker to freeze thousands of bitcoins within the Lightning network.

Read more: Bug freezes bitcoin inside Lightning Network for hours

In a similar way, Burak is now attempting to show how Bitcoin — without any fork or covenant OpCodes — can emulate covenants. 

Indeed, many rollups and layer 2s involve trust, with initial versions of Ethereum’s most popular layer 2s, Arbitrum and Optimism, relying on leadership control of private keys over a multi-sig smart contract. 

So, if a layer 2 reintroduces trust and centralization anyway, why is a separate token like Optimism’s OP or Arbitrum’s ARB needed at all? 

Coinbase launched a layer 2, Base, without any proprietary token. Base relies heavily on Coinbase as a trusted party. Similarly, Burak’s Brollups introduce trust in a small group of Brollup operators and allow cheap, fast Bitcoin transactions without introducing any additional token.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Lightning Network hacker Burak introduces new Bitcoin layer 2, Brollups appeared first on Protos.

Bitcoin’s most popular layer 2, the Lightning Network, had another bug that put users’ funds at risk. Lightning scales faster and cheaper than regular bitcoin transactions by allowing users to join payment channels, therein conducting off-blockchain, ‘bar tab’-like transactions.

By jotting down increases and decreases in bitcoin balances within these payment channels, Lightning users ‘send’ and ‘receive’ bitcoin faster and cheaper than paying miners for the full security and decentralization of on-blockchain transactions.

However, the trade-off for this speed and affordability is evident in this week’s disclosure: security.

LND, one of the four most popular implementations of Lightning, is now in version 18 yet has disclosed a vulnerability affecting versions prior to 17. (Lightning developers waited approximately nine months to disclose the bug, as a precaution.)

They named the bug the LND Onion Bomb.

LND Onion Bomb

The vulnerability is a classic denial of service (DoS) attack. Specifically, attackers can overwhelm LND nodes with onion data packets, using up all of the node’s RAM and taking the node offline.

Worse, the attack is Tor/Onion-based, so it’s private by default. The identity of the assailant remains private throughout the lengthy attack, making it difficult.

Read more: Critics claim ‘buggy’ Bitcoin Lightning Network is slowly dying

Going offline isn’t problematic for a regular Bitcoin full node, but it’s very bad news for a Lightning node. Offline Lightning nodes may not validate or receive payments, cannot surveil the network for cheating, and are vulnerable to forced channel closures whereby a counterparty steals all remaining funds in the payment channel.

If the attacker continues DoS’ing the victimized node operator for long enough, the time period for broadcasting a Justice Transaction expires and irrevocably transfers ownership of the stolen bounty to the attacker.

A responsible Lightning bug disclosure

So far, there are no major reports of funds stolen from this so-called ‘LND Onion Bomb’ attack. A developer responsibly disclosed it to Lightning Labs on June 20, 2023 and developers patched the exploit by October 3, of that same year with Lightning node software release LND 17.0.

Two days ago — nine months after the patch — developers publicly disclosed the issue.

It’s not the first time the Lightning network has suffered a serious vulnerability that placed users’ funds at risk. Over the years, hackers found a jamming attack, replacement cycling attack, BTCD library bug, unattributed payment routes, LNTXbot breach, and various other bugs in Lightning implementations.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post LND Onion Bomb: Another Lightning Network bug put users’ bitcoin at risk appeared first on Protos.

Bitcoin’s Lightning Network was supposed to be the key to scaling Bitcoin adoption globally. Its proponents touted cheaper and faster transactions plus an emergent social graph for a new Bitcoin economy.

Seemingly magical demonstrations by influencers like Jack Mallers heralded a fulfillment of Bitcoin’s promise of peer-to-peer electronic cash. With transaction fees so cheap and transactions so instantaneous, Bitcoiners started buying coffee and groceries over the Lightning Network.

The idea was simple: sign a simple smart contract and transact endlessly via ‘bar tab’-type paper contracts, rather than paying an on-chain transaction fee every time.

Unfortunately, Lightning usage started to stall in late 2023 and since then, several long-time Lightning believers have renounced their faith.

In short, critics believe that the Lightning Network is slowly dying.

Dwindling bitcoin capacity

The amount of bitcoin that a user of the Lightning Network can access by joining a publicly available channel began dipping below 5,000 in December 2023. After months of steady decline, Lightning currently has a capacity of less than 4,700 bitcoins.

The average Lightning payment channel has a capacity of 8,729,836 satoshis, worth about $5,542. This capacity is only a small fraction of bitcoin’s circulating supply of about 19.5 million.

Crucially, Lightning has also been riddled with bugs.

Expensive to receive money

Most importantly, Lightning is counterintuitive and surprisingly expensive. In order to join the network, new users must pay for a regular Bitcoin transaction, on-chain. They can then send and receive that amount of bitcoin — i.e. their initial deposit — for negligible fees, skipping on-chain transactions via Lightning’s payment channels.

However, whenever the user wants to receive more bitcoin than they originally deposited to join a Lightning network channel, they must pay for an additional on-chain transaction to splice in additional bitcoin capacity. 

Finally, to leave the network, they must again pay for an on-chain closing transaction.

Although these three (or more) on-chain transactions might eventually save a power user from innumerable on-chain transactions, for the average user, they are an annoyance and counterintuitive.

In particular, many new Lightning users complain about the topsy-turvy design of having to pay extra money to receive extra money. In normal commerce, recipients receive unlimited money freely; the sender pays extra to send large sums. Lightning flips that entirely, charging the recipient.

As a temporary solution, custodial Lightning companies have launched wallets that subsidize new users with extra, complimentary inbound capacity. This eliminates complaints and improves the user experience but these custodial solutions centralize Lightning, moving it far away from Bitcoin’s promise of true decentralization.

Indeed, on the first page of the Bitcoin whitepaper, Satoshi wrote, “What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.” In this context, the introduction of a trusted third party to make Lightning easy and cheap for the average recipient doesn’t seem very Bitcoin.

Channel freezes and other Lightning Network bugs

In October 2023, Lightning developers disclosed a vulnerability of Bitcoin Lightning Network users to so-called replacement cycling attacks. Soon, they disclosed another vulnerability to ‘jamming’ attacks. In November 2022, another unattributed Lightning routing bug came to light.

One bug in a popular Lightning implementation, LND, froze money inside Lightning for hours after a developer called Burak decided to broadcast a 998-signature Taproot transaction that broke the network.

Read more: Bug freezes bitcoin inside Lightning Network for hours

Significant developer departures from Bitcoin Lightning

As early as 2019, even Lightning’s co-creator, Tadge Dryja, admitted that Lightning might be overhyped. “Everybody is saying, ‘Lightning Network is going to be the best thing ever.’ Wait, LN can’t actually do that,” he said.

Dryja’s co-founder, Joseph Poon, has also stopped contributing to Lightning development.

Lightning Network developer Antoine Riard also halted his work on Lightning soon after the replacement cycling vulnerability was disclosed. He said this vulnerability put it in a “very perilous position” that could only be fixed at the base layer. Riard left to focus on Bitcoin Core development.

Another Lightning Network developer, Rene Pickhardt, expressed concerns about the ability to remain private on Lightning. Chainalysis affirmed that fear, beginning to offer tracking services of Lightning transactions in December 2021.

One of the oldest Bitcoin developers, Matt Corallo, the tenth contributor to Bitcoin Core, called the Lightning Network “kinda a joke.” Synonym’s John Carvalho agreed with that assessment on a recent interview with Vlad Costea, also concluding that Lightning has failed to meet the community’s expectations.

Corallo laughed at unpayable Lightning invoices via BTCPayServer. He opined that the Lightning Network needed to be made accessible to the general population, not just hobbyists.

A growing list of Bitcoin Lightning complaints

Bitcoin developer Paul Sztorc thinks it’s unlikely that Lightning Network will succeed. Indeed, he predicted that it will “collapse Theranos-style,” a reference to a company that was once touted as a revolution in medical diagnostics but has since collapsed. He has created a list of dozens of complaints and third-party predictions of its demise.

In any case, Lightning’s capacity is already on the decline, numerous bugs have not inspired confidence, and many developers have stopped contributing altogether. Lightning Network continues to be an interesting use of valid Bitcoin smart contracts, but unless someone can figure out a solution to its many problems, it might remain a niche for hobbyists rather than the global revolution it was once believed to be.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Critics claim ‘buggy’ Bitcoin Lightning Network is slowly dying appeared first on Protos.

The total public capacity of Bitcoin’s Lightning Network dipped below 5,000 BTC this week and is currently hovering around 5,060. The dip is a 7% decline from one month ago and a 10% decline from the network’s high in March.

Lightning is Bitcoin’s most popular Layer 2, or off-blockchain scaling solution. To enter the Lightning Network, users deposit BTC into contracts that subsequently allow routing of BTC throughout the network without incurring on-chain fees. Lightning transactions are far faster and cheaper than regular bitcoin transactions, yet they don’t enjoy the full decentralization and security of Bitcoin’s blockchain.

Capacity refers to the maximum amount of money that a user of the publicly accessible Lightning Network could route at any particular time.

After years of growth including a sextupling of BTC capacity over the past three years, the Lightning Network has stagnated for the past nine months.

In addition to lower money at stake, the number of publicly viewable channels has also declined since its capacity high in late March. Channels have decreased from 73,597 to 59,458 today — a 19% decline in nine months.

Why has the bitcoin capacity of the Lightning Network declined?

While several exchanges, including Binance, Kraken, and Bitfinex, have already implemented Lightning Network, others have promised to yet never followed through. Coinbase, for example, promised Lightning support nine months ago and it still hasn’t happened.

Some attribute the decaying interest in Lightning to the emergence of other Bitcoin primitives, such as Ordinals-based NFTs, BRC-20s, or the Bitcoin-friendly social network Nostr. Others blame the decline on problems with Lightning itself, including several major security vulnerabilities.

Read more: Bitcoin Lightning Network users could have lost millions in jamming attack

Others blame design considerations that cost unsuspecting users extra fees for seemingly simple payments. Requesting extra BTC capacity, for example, requires extra on-chain transaction fees — which can be costly to everyday users until Lightning developers complete work on splicing.

In any case, there’s still nearly a quarter of a billion dollars worth of liquidity available to route payments across Bitcoin’s Lightning Network. Fans are hopeful that 2024 will renew interest in its scaling solutions for smaller, cheaper, faster, and less secure bitcoin transactions.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Bitcoin Lightning Network public capacity dips below 5,000 BTC appeared first on Protos.

One week ago, senior Bitcoin Lightning Network developer Antoine Riard quit. At the time, Riard explained his surprise resignation by saying, “Effective now, I’m halting my involvement with the development of the Lightning Network and its implementations, including coordinating the handling of security issues at the protocol level… I think this new class of replacement cycling attacks puts Lightning in a very perilous position.”

Protos reported on his departure, yet the news seems to have had little impact on Lightning’s total value locked (TVL). When the news broke one week ago, there were approximately 5,500 bitcoin ($188 million) in the publicly viewable Lightning Network. Today, that capacity has declined a modest 4% to 5,300 bitcoin ($180 million).

In spite of Riard’s sudden departure due to these critical vulnerability errors, more than 13,000 Lightning node operators continue supporting at least 62,000 open payment channels today.

Indeed, these figures reflect only the publicly viewable Lightning Network. In addition, wealthy or otherwise privacy-focused users will deny channel opening requests to their Lightning channels. The funds in these channels remain hidden from public view.

As a result, there are untold sums in private Lightning networks between peers and institutions that are unknown. Large institutions like Binance, Bitfinex, and OKX use private networks with unknown quantities of bitcoin.

Apparently, replacement cycling attacks are not a ‘five-alarm fire.’

Brief orientation to the Lightning Network

Lightning is a second-layer network that offers quick, cheap bitcoin transactions. The tradeoff is, of course, reduced security and decentralization.

Most users join the Lightning Network by contributing bitcoin through a wallet built by a third party, thereby accepting that wallet’s Lightning implementation, defaults, and configurations.

Fortunately, users can only lose the bitcoin they contribute when opening payment channels into the Lightning Network. As noted above, less than 5,300 of the 19.5 million circulating bitcoin are inside the public Lightning Network.

There are four major implementations of the Lightning Network which are interoperable insofar as users can send and receive bitcoin to one another. Each implementation, however, varies in its default settings and other functions like smart contract tools, wallet support, liquidity, programming language, and other capabilities.

• Blockstream’s Core Lightning (CLN)
• Lightning Labs’ LND
• Acinq’s Éclair
• Block’s Lightning Development Kit (“LDK”)

There are also custom implementations of the above by Kraken, Binance, OKX, Bitfinex, CashApp, River Financial, and other users of the Lightning Network.

What are replacement cycling attacks?

All of these implementations use hashed time locked contracts (HTLCs) to protect users while they transact inside the Lightning network until they exit onto Bitcoin’s base blockchain.

Unfortunately, for months, a suite of vulnerabilities have existed in standard HTLCs to which most Lightning users opt-in when joining the network. Now called replacement cycling — and also known as ‘transaction jamming’ attacks — attackers replace (or jam) legitimate HTLC transaction broadcasts with a never-ending cycle of spam transactions. 

In the end, victims’ bitcoin becomes either frozen inside the Lightning Network or stolen altogether.

Lightning Network developer Antoine Riard originally posted a disclosure about the bug on the official Bitcoin-Dev and Lightning-Dev mailing lists.

Researchers at non-profit Bitcoin Optech further discussed this replacement cycling vulnerability.

Developers found the bug in a feature called transaction replacement. This feature can remove one or more inputs in a multi-input transaction in Bitcoin node mempools. Mempools store pending transactions where they’re usually prioritized according to their transaction fee bid. Lightning Network users can use transaction replacement to replace a transaction with two outputs with another that has only one output.

So far, no major theft or loss has occurred as a result of replacement cycling attacks. Not only does the attack require a fluent understanding of the idiosyncratic Bitcoin Script programming language, but it also requires sophistication and interpersonal coordination.

Specifically, an attack would depend on at least two parties sharing control of an unspent transaction output or UTXO. The attacker must wait for the victim to spend an output. Then, the attacker must replace the second party’s transaction with another preimage transaction that doesn’t include the shared UTXO. This move is called a replacement cycle.

In the most sophisticated version of the attack, the attacker secretly broadcasts the nefarious transaction directly to a Bitcoin mining pool operator. This prevents the victim from seeing the theft via public mempools and Lightning watchtowers.

As rational economic actors, mining pool operators usually choose the transactions bidding the highest fees. Unfortunately, this means Lightning Network victims could lose their funds by being secretly outbid by a hacker.

Read more: New Bitcoin Lightning Network bug: Unattributed payment routing

Bug patches and pleas for resolution

According to Riard’s disclosure, developers discovered this vulnerability during a developers’ meeting in December 2022. They’ve been working on mitigations for months. Already, all four major Lightning implementations have patched many of the attack vectors.

Additional mitigations include permission for forwarding Lightning nodes to rebroadcast transactions without paying extra transaction fees. Forwarding nodes could also negotiate longer ‘CLTV deltas,’ or the number of blocks that the channel’s time window remains open. This would give the forwarding node more time to repeatedly rebroadcast the honest transaction, which can drive up the cost of the attack. 

The operator of the forwarding node can also run a full Bitcoin node that can scan the mempool for hackers’ transactions that contain the fake preimage generated by the receiving node. If the forwarding node detects the preimage, it can quickly propose to mining pool operators that the honest transaction be included in a block in spite of its inferior bid, thereby defeating the attack.

Despite these fixes, other weaknesses remain.

For example, some of these patches introduce the possibility that neither honest nor dishonest transactions will get confirmed quickly on Bitcoin’s blockchain, which could cause timing issues if the transactions are routed through Lightning forwarding nodes that often go offline.

Many Lightining developers remain concerned.

Matt Corallo opined in commentary on the issue posted to the Bitcoin-Dev and Lightning-Dev mailing lists, “To be clear, the deployed mitigations are not expected to fix this issue, it’s arguable if they provide anything more than a PR statement.” He suggested an additional mitigation involving Bitcoin miners, in which they could retry past transactions in the event of a replacement cycling attack.

Other suggested mitigations included having a forwarding node incrementally increase fees until its refund transaction is confirmed, with one variation involving presigned fee bumps that could be used to preemptively counteract attacks.

In short, the replacement cycling vulnerability primarily impacts forwarding nodes on the Bitcoin Lightning Network. To date, no major theft of funds has occurred. Developers have already patched several bugs and issued software updates to mitigate the vulnerability and they recommend that all Bitcoin Lightning Network nodes update their software to the latest version.

Nevertheless, some warn that the mitigations are imperfect. With some $180 million dollars viewable in the public Lightning Network, black hat hackers eye a jackpot.

A major theft could be just around the corner. Hopefully, work will continue to fully resolve the vulnerability.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Replacement cycling attacks risk millions in Bitcoin Lightning Network appeared first on Protos.

In December 2022, Bitcoin’s most popular scaling solution, the Lightning Network, experienced a critical vulnerability error. Had a hacker exploited this error, many users could have lost their bitcoin. For context, there are thousands of users and at least 5,500 bitcoin worth at least $150 million in the Lightning Network.

Now that the bug is patched and Bitcoin’s most popular second layer is safe to use, Lightning developer Antoine Riard has disclosed the full details of the vulnerability. Riard’s post-mortem of the vulnerability admits that many Lightning users could have lost their funds entirely.

Riard also explained the code maintenance required to prevent these so-called ‘transaction-relay jamming attacks’ from recurring in the future.

The bug is the latest in a long series of Lightning bugs. Protos has been following an underreported series of them, including the unattributed payment routing bug from November 2022, the BTCD library bug from October 2022, the zombie attack from August 2022, and the Éclair API bug from November 2021.

Read more: Bug freezes bitcoin inside Lightning Network for hours

Brief primer on Bitcoin’s Lightning Network

For those not familiar with it, Bitcoin’s Lightning Network functions through users who commit bitcoin to payment channels with any willing peers. Once opened, bitcoin can be passed back and forth within the channel (on the Lightning Network) without an on-chain, layer 1 transaction.

As their peers then connect to other Lightning Network users and commit bitcoin to additional payment channels, a mesh network forms that now spans the entire globe with over 68,000 channels.

Within this mesh network, users pass bitcoin back and forth by updating a Lightning-based ledger, without an on-chain transaction.

Only when the users wish to exit the Lightning network must they request to settle their funds on-chain with a final, layer 1 transaction. Importantly, this final transaction is usually a Hash Time Locked Contract timeout transaction whose on-chain transaction fee is usually bid when the channel originally opens (more on this later).

Details from Riard’s jamming attack post-mortem

With this context in mind, consider the critical vulnerability bug that Antoine Riard responsibly disclosed. This transaction-relay jamming attack, which was open in December 2022, would have allowed an attacker to target a Lightning payment channel by broadcasting a Hash Time Locked Contract (HTLC) preimage transaction with higher fees than the honest lightning node’s HTLC-timeout.

In other words, the attacker could prevent a user from withdrawing bitcoin from the Lightning Network onto the base layer.

This attack exploited HTLCs by kicking an honest transaction out of Bitcoin’s dominant mempools, forcing the channel closing request to expire without the Lightning users being able to complete their channel closure.

Recall that Bitcoin’s consensus rules prevent double-spending of any kind of the base layer. Therefore, as long as the attacker bid more for the malicious preimage transaction which was tied to the same bitcoin as the existing HTLC-timeout bid, then the payment channel might never actually close.

Stated simply, the attack would have prevented users from withdrawing bitcoin from their Lightning channel. By outbidding their payment channel closing request, the attacker might be able to suspend bitcoin inside the channel indefinitely, assuming a rational mining pool selects the highest fee transactions for inclusion in blocks.

Responsible Lightning bug disclosure

Fortunately, no one ever actually exploited this vulnerability to seize anyone’s real bitcoin. Developers quietly patched the bug without stealing anyone’s money.

The potential attack also impacted any Lightning routing hops carrying HTLC traffic. (As Lightning users pass bitcoin through channels across the globe, the bitcoin hops through routing nodes that charge a small routing fee.)

The bug also introduced security risks and potential loss of funds for legacy and anchor output channels. Worse, the attack could occur even if the mempool was not congested, assuming the mining pool operators were rational economic actors who chose the highest-bidding transactions for inclusion in a block.

Bug contagion could have spread on-chain

The vulnerability also impacted a number of other Bitcoin protocols, including:

• Discreet Log Contracts (DLCs)
• coinjoins
• payjoins
• wallets with time-sensitive paths
• peerswap and submarine swaps
• batch payouts
• transaction “accelerators”

All of the above were vulnerable to a malicious actor bidding a never-ending series of high fee, preimage transactions.

Lightning Network developers discovered the vulnerability in December 2022 while discussing other topics like layer 2 payment channels and ensuring incentives lined up with the mempool’s anti-denial of service (DOS) protocols.

Lightning jamming attack patch details

Riard says developers have released solutions for all major Lightning Network implementations. He says patches are live in the following software updates, covering all four of the major Lightning Network implementations.

• LDK: v0.0.118 – CVE-2023 -40231
• Eclair: v0.9.0 – CVE-2023-40232
• LND: v.0.17.0-beta – CVE-2023-40233
• Core-Lightning: v.23.08.01 – CVE-2023-40234

Riard added the disclaimer that the solution is not tested against real-world jamming attacks of previously vulnerable Lightning nodes operators who have not updated their software. He says a sophisticated attacker might still expose small weaknesses remaining in insecure channels with a combination of attacks, such as jamming, pinning, or other sophisticated tactics.

In summary, developers have responsibly kept a ‘jamming attack’ vulnerability under wraps since December 2022 until they released updates to the most popular clients for Bitcoin’s Lightning Network. Although they have avoided any major theft of the millions of dollars worth of bitcoin held by Lightning Network users, their security patches remain untested against any real-world attack. 

Riard has issued a full disclosure of the bug and encourages continued diligence to avoid future bugs that would compromise the credibility of Bitcoin’s most popular scaling solution.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Bitcoin Lightning Network users could have lost millions in jamming attack appeared first on Protos.

Software engineer Tobi Ojuolape has published a method for making very large payments using Bitcoin’s Lightning Network. He recommends Lightning nodes upgrade to support atomic multipath payments (AMP).

This new specification would split a large payment, routing the full amount via multiple channels. However, the transaction would remain atomic, in other words, “indivisible and irreducible.”

An atomic transaction is all-or-nothing, guaranteeing that either all money settles or else nothing settles. Atomicity prevents the sender from losing any part of their bitcoin if any particular route fails.

Ojuolape’s AMP proposal is unexpected because the Lightning Network primarily handles small payments. Historically, research into large, Lightning payments has been neglected.

A brief introduction to Bitcoin’s Lightning Network

Lightning is the most popular scaling layer for Bitcoin. Scaling layers use the base (Layer 1) blockchain but also contain additional functionality. Collectively, scaling layers are known as ‘Layer 2s.’

• Lightning requires opening and funding a payment channel on-blockchain that can subsequently manage transactions off-chain.
• Lightning nodes connect to one another, forming a mesh network with various amounts of liquidity between all participants.
• Coins route across the network, with each node charging a very small fee for routing payments.
• The end result is a cheaper, faster routing of bitcoin payments. 
• Trade-offs include security and decentralization, as Lightning transactions are not guaranteed by Bitcoin’s blockchain until users exit the network and settle on-chain.

Atomicity: How to safely send large payments via Lightning

Again, most Bitcoiners might view a technology to send a large payment via Lightning as counterintuitive. Why, they would ask, would anyone bother to use Lightning when a Layer 1 Bitcoin transaction would accomplish the same thing?

The vision for Lightning, however, is to expand Bitcoin as a financial system for the entire world’s population. Because Lightning routing fees are so much cheaper than Bitcoin’s base layer, the network could serve day-to-day needs for any amount of money, no matter how small or large.

From near-$0 as recently as 2019, Lightning now boasts over 17,000 nodes, 79,000 payment channels, and $150 million in capacity.

If this growth trend continues, Lightning will need a safe solution for routing large payments. Hence, Ojuolape’s AMP proposal.

Read more: Bitcoin Core developer proposes new type of pruned node

Bitcoin atomic multipath payments (AMPs)

LND v0.13.0-beta has introduced support for Atomic Multipath Payments. LND is one of the three most popular implementations of Lightning alongside Éclair and Core Lightning. Developers previously proposed and developed other protocols for multi-path payments, but AMP is the first to include atomicity.

AMPs add a new feature requiring atomicity. In other words, either all or zero payments must transmit; no partial execution of the transaction is allowed. If any payment as specified by the AMP sender does not settle, then nothing settles.

Atomicity avoids the risk of partial payments. While not a big deal when paying for a cup of coffee and losing a few cents, atomicity is critical when sending millions of dollars when that change could be worth many thousands of dollars.

Multipath payments eliminate the need to find a single channel with a large enough capacity to route the entire transaction. On an atomic basis, AMPs would raise the maximum size of a Lightning transaction from 14 bitcoin today into the thousands.

Read more: Bitcoin dev has fix for Lightning’s existential problem — offline payments

Atomic multipath ensures the whole payment gets through

Without multipath payments, sending bitcoin over the Lightning Network requires finding a single channel with sufficient capacity to route the entire payment if the sender does not want to trust multiple node operators.

Adding atomicity to multipath payments increases the security of this transaction by guaranteeing that the entire transaction settles, all at once.

Like all Lightning transactions, nodes supporting AMP would determine the best route for each data packet, ensuring that the full quantity reached its intended destination. This function reduces the risk of network congestion. Through AMP, senders can feel more secure about sending large payments without trusting too many node operators.

Tobi Ojuolape has described AMP as a method for making large Lightning Network payments without needing to find a single channel with sufficient capacity. Unlike other methods for multipath payments, atomic multipath payments ensure that the entire payment gets through without the risk of any lost change or partial payment.

For more informed news, follow us on Twitter, Instagram, and Google News or subscribe to our YouTube channel.

The post How atomic multipath could take the risk out of large bitcoin payments appeared first on Protos.