1. Home
  2. News
  3. Bitcoin news
  4. Independent LN developer throws light on an unresolved Lightning attack vector

Independent LN developer throws light on an unresolved Lightning attack vector

Photo of: Sangeetha Golchha
by Sangeetha Golchha

Joost Jager, the independent Bitcoin Lightning developer, has set out to describe the exploits of the micro-payments network in his recent Twitter post. According to him, the exploits could apparently result in the channels getting com[pormised with inconsequential costs and effort. But, he has also told the user that he is working hard to find plausible solutions for the impending issue. 

Source: Twitter

The developer has categorically specified that there could be an attack that can take place on wumbo channels. These channels are essentially designed to allow larger transactions between mutually agreeing partners on the lightning network. A wumbo channel also eliminates the ceiling to the total amount of Bitcoin that can be held in a regular lightning channel which could be around $1760 worth at today’s prices. It also removes the near-about $450 limit to how large an individual payment can be.

The developer said that Wumbo channels can also be compromised because the channel cannot hold more than 483 hash and time-lock contracts and any point of time irrespective of its capacity. Hence if a bad actor sends out 483 micro-payments to themselves while holding on to the hash and time-lock contracts, it is more than enough to cripple the channel for at least two weeks. 

The developer also took to demonstrating the effect. He said that this could be attained by using maximum route length to add loops and more contracts. This is done to rapidly reach the total for a minor initial expenditure and in this example of ours it is 5.8 million Satoshi’s. He said: 

“If the script kid is lucky, they only need to send 54 payments to get it done. A single tiny channel takes double-digit amounts of Bitcoin out of business.”

He said that he had initiated the start of a new firewall for Lightning nodes project called Circuit breaker mainly to address this problem. He was also asked if this attack still stands unsolved attack vector on the Lightning network, he was quick to respond:

“That depends on how you define biggest. There are other attacks that can make you lose money which seems worse. But this one is one of the biggest in terms of not knowing how to solve it.”

Wumbo Channels allows the user to signal that they want to send in more BTC compared to the regular limits. They can easily find a node that is willing to receive the same. Those who are regular lightning network users sending micropayments, they will not be affected in this case but considering it carefully, it poses as a better option for both enterprise and business payments. Recently looking at the growing adoption of wumbo channels, Bitfinex also has announced its support for them in its Twitter message.

What is indeed fascinating about the word wumbo is that it is inspired by a cartoon series calles SpongeBob SquarePants. The underlying message is that two parties in question have to agree to wumbo if the transaction has to effectively take off.