Four potential dangers for the Bitcoin Lightning Network

November 2020

Although the Bitcoin Lightning Network solves many problems of slow and expensive payments, it is still far from perfect. Several (theoretical) shortcomings have been discussed in recent months. We have listed the top four, collected by Sharecaster, for you.

Bitcoin Lightning Network
The Lightning Network consists of a network of payment channels between nodes. These payment channels contain satoshis that can be slid back and forth, as it were, like beads on a string.

Because only the nodes of the receiver and the sender have to sign this change of balance and the blockchain is not required, payments are fast.

This makes Lightning completely different from on-chain Bitcoin, where every node sees almost the same state. It also means that the all-new Lightning Network has attack vectors of its own. These are the following four (potential) problems:

1. Griefing
The first attack has become a reality since the roll-out of wumbo channels. Each payment channel passes on payments using hashed timelock contracts (HTLCs). However, a channel can only "hold" a few hundred of these HTLCs, and once this limit is reached, the channel freezes.

In this way, large amounts of funds can be frozen by flooding a channel with many micropayments. Although the money can't be stolen, this is a problem for huge channels that suddenly have to close down.

You could try to crush competitors in this way. Lightning Service Providers (LSPs) could try to create a monopoly in the liquidity market.

Joost Jager addressed this problem, but also immediately mentioned a solution: a firewall called a "circuit breaker".
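The slot exhaustion described in this section, and the effect of a per-peer cap in the spirit of a circuit breaker, as an added example (not code from the article or from Joost Jager's tool). The class names, peer names and slot counts are constructed for illustration.

```python
from collections import Counter

class Channel:
    """Outgoing channel with a fixed number of HTLC slots (constructed model)."""
    def __init__(self, max_htlcs):
        self.max_htlcs = max_htlcs
        self.pending = {}  # htlc_id -> upstream peer that forwarded it

    def free_slots(self):
        return self.max_htlcs - len(self.pending)

class CircuitBreaker:
    """Caps unresolved HTLCs per upstream peer before they occupy a slot."""
    def __init__(self, channel, max_pending_per_peer):
        self.channel = channel
        self.max_pending_per_peer = max_pending_per_peer
        self.in_flight = Counter()  # peer -> HTLCs forwarded but not yet resolved

    def forward(self, htlc_id, peer):
        if self.in_flight[peer] >= self.max_pending_per_peer:
            return "rejected: peer limit"
        if self.channel.free_slots() == 0:
            return "rejected: channel full"
        self.channel.pending[htlc_id] = peer
        self.in_flight[peer] += 1
        return "forwarded"

    def resolve(self, htlc_id):
        """Settle or fail an HTLC, releasing its slot and the peer's quota."""
        peer = self.channel.pending.pop(htlc_id)
        self.in_flight[peer] -= 1

def simulate(max_htlcs, per_peer_limit, held_by_one_peer):
    """One peer leaves HTLCs unresolved, then a payment from another peer arrives."""
    channel = Channel(max_htlcs)
    breaker = CircuitBreaker(channel, per_peer_limit)
    held = Counter(breaker.forward(f"held-{i}", "peer_a")
                   for i in range(held_by_one_peer))
    honest = breaker.forward("honest-1", "peer_b")
    return held, honest, channel.free_slots()

if __name__ == "__main__":
    # A limit far above the slot count behaves like having no breaker at all.
    print(simulate(max_htlcs=10, per_peer_limit=1000, held_by_one_peer=12))
    # A per-peer cap keeps slots free for payments from other peers.
    print(simulate(max_htlcs=10, per_peer_limit=3, held_by_one_peer=12))
```

Without an effective cap, the second peer's payment is refused because every slot is held; with the cap, the single noisy peer is limited to its quota and the channel keeps forwarding.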

2. Flood and Loot
Two researchers from the Hebrew University in Israel investigated another systematic attack on the Lightning Network. Jona Harris and Aviv Zohar found out that it is possible to steal BTC that is stuck in payment channels by forcing them onto the blockchain.

When you send a payment into the network, it is (often) sent over multiple nodes. And these intermediaries in the network can fall victim to a coordinated attack.

An attacker who wants to do this has to be very quick. Attackers can leave payments "in the dark" by sending them between two nodes of their own. This shuts down the intermediate payment channels.

In doing so, nodes can really lose their Bitcoin, which was not possible in the griefing attack. The two researchers already addressed this problem in June, but fortunately also provided a series of solutions.

3. Time-dilation eclipse
This third possible attack is a "Sybil attack", where multiple identities are used to overwhelm a network.

If an attacker were to run hundreds of nodes and take over all the connections of a Lightning node, it could shut down the victim and isolate it from the "real" network. It can then steal money as soon as it is the only entity that passes on the closing transaction to this "central" party.

It can then wait to pass it on to the rest of the network. However, this attack requires a great deal of coordination.

4. Pinning attack
Another way of twisting the transaction data is a "pinning attack". The attacker can block the closing transaction of a channel at individual nodes, which have different mempools.

There is no such thing as "one mempool". By arranging for the closing transaction not to be confirmed before the timelock expires, the attacker may mislead the victim into closing the channel in the wrong way.

The solution to this lies with so-called anchor channels. These allow you to dynamically adjust the fee for this closing transaction, making it more likely that miners will still pick it up. But even with this attack you have to deal with the situation on the Bitcoin blockchain and the on-chain network.