Researchers discover vulnerabilities in Bitcoin layer-2 Lightning Network

2022-8-12 15:15

Researchers at the University of Illinois have discovered vulnerabilities in the Bitcoin (BTC) Lightning Network that could result in the theft of 750 BTC (roughly $18 million).

The two researchers, Cosimo Sguanci and Anastasios Sidiropoulos, published a paper in which they explained the vulnerability in the Layer 2 network using a hypothetical case where malicious nodes collude in an attack.

“A coalition of just 30 nodes could lock the funds of 31% of the channels for about 2 months via a zombie attack, and could steal more than 750 BTC via a mass double-spend attack.”

Zombie attack

According to the paper, a zombie attack is a form of vandalism that congests the network and makes the Lightning Network unusable.

In a zombie attack, some nodes become unresponsive, thereby locking the funds connected to these nodes.

The paper stated that the only way to defend against this attack would be for the honest nodes to close their channel and return to the Bitcoin Layer 1 network. But that will cost a lot in transaction fees.

Double spend attack

Another type of mass exit attack discovered by the researchers is the double-spend attack. The attack would require the cooperation of several malicious nodes to overload the Bitcoin Layer 1 blockchain with fraudulent closing transactions.

If the attackers can pay the high fees resulting from the network congestion, they will be able to skip the queue and double spend Bitcoin.

But this attack is only possible when there is a flaw in the configuration of one of the Lightning Network's watchtowers.

Watchtowers' role

The watchtowers keep track of the state of the Lightning Network and store all data used for regular transactions, also called justice transactions.

Honest nodes will have to submit justice transactions to dispute the fraudulent requests, so if all watchtowers are working effectively, it is easy to ascertain fraudulent channel closing requests.

A poorly maintained watchtower can provide the perfect entry point for a mass double-spend attack, which could significantly affect the victims.

A double spend attack would be disastrous for the network

The researchers wrote that a double-spend attack could be the most catastrophic if it happens.

They added that the severity would only increase as the network continues to develop, hence the need to deal with the vulnerabilities effectively and immediately.

They concluded by recommending the careful configuration of watchtowers. “Ideally, they should monitor layer-1 congestion and respond aggressively in the case of high congestion,” the paper noted.
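The recommendation above can be expressed as a fee policy: pick the lowest feerate at which a justice transaction should still confirm well before the dispute window closes, and raise it as the backlog grows or the deadline nears. This is an added example, not code from the paper or from any Lightning implementation; the mempool snapshots, the 200-vbyte transaction size, the fee budget and the `urgency` parameter are constructed assumptions, and the queue model ignores newly arriving transactions.

```python
# Added illustration; the mempool snapshots and all parameters are constructed.
BLOCK_VBYTES = 1_000_000  # 4,000,000 weight units per block = 1,000,000 vbytes

# Constructed snapshots: (feerate in sat/vB, total vbytes waiting at that feerate).
QUIET = [(1, 400_000), (5, 300_000), (20, 100_000)]
CONGESTED = [(1, 5_000_000), (10, 20_000_000), (50, 30_000_000), (200, 2_000_000)]


def blocks_to_confirm(mempool, feerate, tx_vbytes):
    """Blocks until our transaction is mined if miners take the highest
    feerates first, ties go ahead of us, and nothing new arrives (assumption)."""
    ahead = sum(vb for rate, vb in mempool if rate >= feerate)
    return -(-(ahead + tx_vbytes) // BLOCK_VBYTES)  # ceiling division


def justice_feerate(mempool, blocks_left, tx_vbytes, fee_budget_sat, urgency=0.5):
    """Lowest feerate expected to confirm within urgency * blocks_left blocks.

    blocks_left    blocks remaining before the dispute window closes
    fee_budget_sat most the tower may spend (hypothetical policy knob)
    urgency        fraction of the window we allow ourselves (hypothetical)
    Returns None when the budget cannot buy a timely confirmation.
    """
    target = max(1, int(blocks_left * urgency))
    max_rate = fee_budget_sat // tx_vbytes
    # Only feerates just above an existing bucket change our queue position.
    for rate in sorted({1} | {r + 1 for r, _ in mempool}):
        if rate > max_rate:
            break
        if blocks_to_confirm(mempool, rate, tx_vbytes) <= target:
            return rate
    return None


def escalation_schedule(mempool, tx_vbytes, fee_budget_sat, checkpoints):
    """Feerate the policy picks at each remaining-blocks checkpoint."""
    return {left: justice_feerate(mempool, left, tx_vbytes, fee_budget_sat)
            for left in checkpoints}


if __name__ == "__main__":
    for name, pool in (("quiet", QUIET), ("congested", CONGESTED)):
        print(name, escalation_schedule(pool, 200, 1_000_000, (144, 40, 4)))
    # A small budget cannot outbid the backlog in time.
    print("small budget", justice_feerate(CONGESTED, 40, 200, 5_000))
```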

The new findings add to the list of known vulnerabilities on the network, such as griefing, flood and loot, time-dilation eclipse, and pinning attacks.

Meanwhile, despite these vulnerabilities, malicious players have been unable to exploit the network.

The post Researchers discover vulnerabilities in Bitcoin layer-2 Lightning Network appeared first on CryptoSlate.


Vulnerabilities Shake Trust In Blockchain Voting App; West Virginia Turns Back to Paper

The blockchain-based voting app, Voatz, will no longer be used by West Virginia. The news comes after researchers discovered vulnerabilities within the app. On February 29, it was reported by NBC News that West Virginia's secretary of state, Mac Warner, announced that disabled and overseas voters will not be able to use mobile apps in […]

2020-3-3 22:56



Microsoft’s open-source election software now has a bug bounty program

Microsoft has announced a bug bounty program for its open-source election software ElectionGuard, allowing researchers to uncover vulnerabilities and help bolster election security. Available as a software development kit (SDK), ElectionGuard aims to make voting tamper-proof by leveraging encryption to “enable a new era of secure, verifiable voting.”

2019-10-21 09:04



Adware campaign exploits Chrome and Safari bugs to serve over 1B malicious ads

Threat actors have exploited “obscure” bugs in WebKit and Chrome browsers to serve over 1 billion malicious ads in less than two months, new research has found. The attackers targeted iOS and macOS users with zero-day vulnerabilities in Chrome and Safari browsers that bypassed built-in security protections to show potential victims intrusive pop-up ads, and redirect users to malicious sites.

2019-10-2 09:16


Mobile malware campaign targeting Uyghur Muslims impacted Tibetans too

The mobile malware campaign targeting the Uyghur Muslim minority in China was also directed at senior members of Tibetan groups, according to new research. The details — disclosed by University of Toronto’s Citizen Lab and TechCrunch — reveal that the targets were sent specifically tailored malicious web links over WhatsApp, which, when opened, exploited browser vulnerabilities on iOS and Android devices to install spyware, and surreptitiously stole private and sensitive information.

2019-9-25 11:36



WhatsApp’s chat manipulation exploit remains unresolved even after a year (Updated)

Vulnerabilities uncovered in WhatsApp, the messaging app used by about 1.5 billion users across the world, can allow bad actors to exploit the platform to manipulate or spoof chat messages. The flaws would make it possible to “intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources,” the researchers noted.

2019-8-8 14:01



Monero security flaw could’ve seen XMR stolen from cryptocurrency exchanges

Privacy-focused altcoin Monero has suddenly disclosed nine security vulnerabilities — including one that could have allowed hackers to steal XMR from cryptocurrency exchanges. Until March, rogue Monero miners were hypothetically able to create “specifically-crafted” blocks to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker.

2019-7-4 18:18



Security Researchers Reveal Wallet Vulnerabilities On Stage at 35C3

In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on display at the 35th Chaos Communication Congress (35C3) in Leipzig, Germany, rather than through accepted Responsible Disclosure practices, which would have allowed the manufacturers to patch the vulnerabilities and protect their customers from any potential attack.

2019-1-1 19:15