Following a vulnerability discovered in the system, the Lightning network node operators running LND versions before October 1’st for version 0.11 upgrade have been asked to upgrade on an immediate basis.
What the Inner Circle says
The upgrade which was made public in an announcement today from Lightning engineer Conner Fromknecht, head of cryptographic engineering at Lightning Labs, went as given below:
“While we have no reason to believe these vulnerabilities have been exploited in the wild, we strongly urge the community to upgrade to lnd 0.11.0 or above ASAP,”
Earlier in the day Conner Fromknecht also announced the presence of vulnerabilities on Twitter.
As of now, the details of the vulnerability have not been disclosed but the head has assured that the entire set of vulnerabilities will be made public on October 20.
The Lightning Network Daemon (LND) is a complete Golang implementation of a BOLT-compliant Lightning Network node which was developed by Lightning Labs. It can connect to the Lightning Networks deployed on Bitcoin (mainnet, testnet3) and Litecoin (mainnet, testnet4).
“No known exploitations of the vulnerability have been found to date, but circumstances surrounding the discovery resulted in a compressed disclosure timeline,” Fromknecht said.
This is not the first time a vulnerability has been discovered in the Lightning network. Last year, Lightning Labs CTO, Olaoluwa Osuntokun, confirmed instances of Common Vulnerabilities and Exposures (CVE) “being exploited in the wild.”
The lightning Network team currently working on scaling and speeding up BTC transactions was duly warned and this is not the first time. In its present state, it is capable of creating and closing channels, managing channel states, performing path-finding within the network as well as passively forwarding incoming payments.
Researchers in early 2020 had warned about the privacy vulnerabilities in the Lightning network which could go on to lay bare all the financial information of the Bitcoin transaction which was assumed to be anonymous. Currently, Lightning Labs, Blockstream, and ACINQ are the three major teams that are working on the development of the Lightning network.
Earlier this year in February, Lightning Labs said that it started beta testing of its first paid product called Lightning Loop. This aimed to improve transactions on the Bitcoin network. In June 2019 the team released its first Lightning Mobile App and described it as “the first [Bitcoin] mainnet app on all major mobile and desktop platforms.”
About Lightning Network
Lightning is a decentralized network that uses smart contract functionality in the blockchain to allow for instant payments across an entire network of participants. The Lightning Network has been dependent upon the underlying technology of the blockchain. Security is enforced by blockchain smart-contracts without creating an on-chain transaction for individual payments. Payment hence is measured in milliseconds to seconds. With the transacting as well as setting off the blockchain, the Lightning Network has surely created an impression and allows for exceptionally low fees. This makes it cheap, scalable, and Instant.