A study published on June 29 revealed a way to drain the funds from Bitcoin Compass wallets on the Lightning Network, exploiting a bottleneck in the system.
According to the research article, „Flood & Loot: A Systemic Attack On The Lightning Network,“ Jona Harris and Aviv Zohar of the Hebrew University of Israel, evaluated a systemic attack on the Lightning Network that allows funds in BTC that were blocked in the payment channel to be drained.
Bitcoin as a tool to fight authoritarian regimes: A critic of Vladimir Putin explains
Blockchain management with simultaneous attacks
The Lighting Network is used to send payments through intermediary nodes, which can be exploited to steal Bitcoin, this should generally be done quickly. However, the effective time window could be extended if hackers congest the network.
Bitcoin side chain anomaly causes a brief security breach
For the attack to succeed, hackers would only need to attack 85 channels simultaneously to steal network funds.
Details behind the attack
The researchers provided further details, pointing out
„The key idea behind hash locked contracts (HTLCs) is that after they are established, the target node „pulls“ payments from the previous node along the way by providing a secret (a preview of a hash). Our attacker will track a payment between its own two nodes and extract the payment at the end of the path. He will refuse to cooperate when the payment is finally extracted from the source node, forcing the victim to do so through a blockchain transaction.
The article clarifies, that the results of the study were shared with the developers of the three main Lightning implementations before publishing the report.
VenAmChan’s Thematic Competition Aims to Encourage Use of Blockchain in Future Editions
Cointelegraph reported that the Vietnamese online ticketing agency, Future.Travel, now accepts Bitcoin payments through the Lightning Network. The funds are converted to local currency at the time of ticket sales.