
Security researcher and developer Antoine Riard has quit development of the Lightning Network due to security concerns and fundamental challenges facing the Bitcoin ecosystem.
According to a post on the Linux Foundation public mailing list, Riard believes the Bitcoin community faces a “difficult dilemma” as a new replacement loop attack puts the Lightning Network in a “dangerous position.”
“How does the Lightning Replacement Loop attack work? There is a lot of discussion on the mailing list about this newly discovered vulnerability, but the actual mechanism is a bit difficult to understand. So here’s an illustrated primer… 1/n”
— The Lone Ranger (@mononautical) October 21, 2023
The Lightning Network is a second-layer solution built on the Bitcoin blockchain. It aims to improve the scalability and efficiency of Bitcoin transactions by enabling off-chain peer-to-peer transactions.
Through the Lightning Network, users can open payment channels, conduct multiple off-chain transactions, and settle the final results on the Bitcoin blockchain. Replacement loop attacks target these payment channels. This is a new type of attack that allows attackers to exploit inconsistencies between various memory pools (mempools) to steal funds from channel participants. According to Riard:
“I think this new replacement loop attack puts Lightning in a very dangerous position, and a sustainable fix can only be done at the base layer, such as adding a memory-intensive history of all visible transactions or some consensus upgrade. The deployed mitigations are valuable in the face of simple attacks, although I don’t think they stop advanced attackers as much as the first full disclosure email suggested.”
Riard also pointed out that addressing new attacks may require changes to the underlying Bitcoin network:
“These types of changes require the utmost transparency and support from the entire community as we make changes to full node processing requirements or the integrity of the security architecture of the decentralized Bitcoin ecosystem.”
Lightning developers grapple with challenges, including criticism surrounding network complexity and demands for user experience. Since its launch in 2018, the second-layer network has become extremely popular, with total value locked at the time of writing reaching $159.5 million, according to data from DefiLlama. However, this number is still very limited compared to Bitcoin’s $587 billion market capitalization.
Riard now plans to focus on Bitcoin Core development, but warned of upcoming challenges for the major cryptocurrency ecosystem:
“On the other hand, to fully explain why such changes are needed for the sake of lightning and good design, we would probably need to conduct a complete actual and critical attack on ~5,355 public BTC ecosystems. It’s a tough dilemma. It could be a lesson in Bitcoin protocol deployment (…)”