Copy link
Increase text size
Decrease text size
Link copied

Hackers could exploit a known Bitcoin Lightning Network vulnerability to loot BTC says study

The Bitcoin Lightning Network is vulnerable to looting according to researchers.

Image by Igor Schubin from Pixabay

Wed, 08 Jul 2020, 05:41 am UTC

The Lightning Network is seen as the solution to some of the Bitcoin blockchain’s issues such as congestion and high transaction fees. But a recently released study reveals that sophisticated hackers might be able to loot BTC from users of the network if they are not careful enough.

Computer scientists Jona Harris and Aviv Zohar from the Hebrew University of Jerusalem recently published a paper that detailed how hackers might exploit Bitcoin blockchain congestion to their advantage, Coindesk reported. The researchers discussed how savvy cybercriminals could launch an attack on the network that could potentially lead to loss of funds in their paper titled “Flood & Loot: A Systemic Attack on the Lightning Network.”

The Bitcoin blockchain only supports a few transactions per second so it’s no wonder that it’s a bit slow in the settlement of payments. That where the Lightning Network comes in. As a second-layer solution, it takes transaction away from the congested main blockchain, according to Investopedia.

However, the Lightning Network is still tied to the main Bitcoin blockchain. The type of systemic attack discussed in Harris’ and Zohar’s report exploits this connection and exploits the limitations of the main chain.

“The resulting high volume of transactions in the blockchain will not allow for the proper settlement of all debts, and attackers may get away with stealing some funds,” the researchers wrote on a Medium post.

Considering that the Bitcoin blockchain only processes a few transactions per second, the Lightning Network minimizes the use of bitcoin’s scarce block space by taking funds off the chain. But should something goes wrong with the network, users will be able to bring their transactions back into the main chain.

In the “Flood” portion of the attack, hackers will cause several Lightning channels to close which forces the transactions back in the Bitcoin blockchain. But with the flood of transactions coming all at once, the network won’t be able to handle the volume, which could lead to problems.

Hackers also take advantage of Lightning’s “hash time-locked contracts” (HTLCs), where a deadline is built into each payment to give transacting parties to settle their funds on the main blockchain should something goes wrong with the Lightning Network. When a deadline passes, unsettled HTCLs are “up for grabs” and hackers can steal the funds in these expired contracts.

By flooding the Bitcoin blockchain with these HTLCs, hackers hope that the network won’t be able to handle the volume until some of the contracts are pushed past their built-in deadlines. “By attacking many channels and forcing them all to be closed at the same time […], some of the victims’ HTLC-claiming transactions will not be confirmed in time, and the attacker will steal them,” Harris explained.

Based on the researchers’ estimate, it can be a lucrative operation. By attacking 100 channels, hackers can exploit around 7,402 HTLCs. Using the average HTLC amount of $138 BTC, a successful attack of this magnitude could yield around $1,021,476.

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >

Back to top
Copyright ⓒ TokenPost. All Rights Reserved.