Skip to main content

Hidden Lightning Network Bug Allowed Spending of ‘Fake’ Bitcoins

Hidden Lightning Network Bug Allowed Spending of 'Fake' Bitcoins

A bug discovered in the Lightning Network in June, which allowed lightning bitcoins not backed by actual bitcoins to be spent, has officially been addressed in a new dev full disclosure report released on Friday. The problem has reportedly been remedied, but the security oversight casts doubts on an already heavily scrutinized protocol, and whether a proper release of LN anytime soon is actually feasible.

Also Read: Traders Bemoan New Localbitcoins Identity Requirements

Lightning Bug in June

On June 27, developer Rusty Russell discovered the security flaw while running tests on the network. As the bug was not independently discovered by malicious entities, it is unlikely that major damage was done, although conclusive evidence did show that at least one exploitation of the bug did occur “in the wild” on September 7. A quiet fix was made and the issue was revealed in August after most users had upgraded, culminating in the September 27 release of the full disclosure report.

Hidden Lightning Network Bug Allowed Spending of 'Fake' Bitcoins

The report states:

A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount … Implementations did not always do this check.

Listed implementations which were vulnerable were c-lightning v.0.7.0 and below, lnd v.0.7.0 and below, and eclair v.0.3.0 and below. Some implementations only checked for partial data necessary to confirm the authenticity of the transaction. According to the report “It did NOT, however, require the receiver to actually check that the transaction is the one promised by the funder: both the amount and the actual scriptpubkey.”

All systems seem to be back on track now, the bug report detailing that the discovery, for all the trouble it caused, “did provide an opportunity to test communications and methods of upgrade across the entire lightning ecosystem.”

Skepticism Remains

While this security flaw was dealt with relatively efficiently, and no network is beyond critique, many in the crypto space still take issue with the layer two payment protocol for various reasons. Addressing this most recent report on Twitter, Bitcoin Unlimited’s Peter Rizun wrote:

Still others are critical of the trust that is required to use the network, and the necessity of remaining online, as it is ultimately an off-chain solution requiring intermediaries who are also online at the same time, and who have enough funds available to move a user’s desired transaction along. Controversial ideas like watchtowers have not helped folks take a shine to LN, either, owing to the potential they hold for surveillance bodies like police and governments to establish undue influence, and stifle liquidity. For those relatively new to LN and some of the potential obstacles it presents, Rizun has also posted an easy-to-understand illustrated video here. Should Lightning ever emerge from its experimental stage, then the market can have a good, full go at it. Trouble is, some are still wondering if that elusive day will ever come.

What are your thoughts on the Lightning Network? Let us know in the comments section below.

Image credits: Shutterstock.

Did you know you can also buy Bitcoin Cash online with us? Download your free Bitcoin wallet and head to our Purchase Bitcoin page where you can buy BCH and BTC securely.

The post Hidden Lightning Network Bug Allowed Spending of ‘Fake’ Bitcoins appeared first on Bitcoin News.



from Bitcoin News https://ift.tt/2moucKE
Labels:

Comments

Post a Comment

Popular posts from this blog

Deep Web Roundup: Dream Adds Monero and Bitcoin Tumbler “Chip Mixer” Launches

The darknet has been quiet of late, which is the way it’s meant to be. No news means no mega busts, honeypots, or mass market shutdowns. Even when it’s out of the spotlight though, the deep web is quietly making news, whether trialling the latest privacy coins or the newest coin mixers that promise to restore a little of the privacy that’s being stripped away from bitcoin users on a daily basis. Also read: U.S. Agency ICE Conducts Investigations That Exploit Blockchain Activity The Battle for Privacy Heats Up Privacy is all relative, but of late there’s been relatively little privacy to be enjoyed by bitcoin users. Blockchain monitoring software is becoming more sophisticated and more common, with U.S. law enforcement agencies using it to profile and hunt down deep web users. Chip Mixer is a relatively new bitcoin tumbler that’s designed to restore some of that privacy. Available on both the clearnet and darknet, the service uses a variety of techniques to obfuscate blockchain m
10 comments
Read more

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli
Post a Comment
Read more

Ombudsman Receives Complaints About Crypto Investments in Spain

The Spanish ombudsman has been receiving complaints about cryptocurrency and how some Spanish citizens investing in these vehicles have lost everything. In his annual report, Angel Gabilondo recognized the rise of cryptocurrencies as a new problem due to the little or no regulation crypto sees in the country. In the same way, the EU has also warned about these assets recently. Spanish Ombudsman Gives His Take on Crypto Angel Gabilondo, the Spanish ombudsman, has given his take regarding cryptocurrencies and the effects they have on citizens investing in some of these projects. Gabilondo said in his yearly report that cryptocurrencies have become “a new problem” during the year examined, with many people having lost all of their funds invested. The report states : Cryptocurrency exchange companies or platforms are not regulated in the legal system, are not subject to any public supervision system, nor do they benefit from deposit guarantee systems. The affected users that sought
Post a Comment
Read more