On September 18, a Redditor posted to the r/bitcoin forum and explained how he discovered a way to “attack [the] lightning Network’s custodial services.” The Reddit account called “Reckless Satoshi” wished to find out if a “discrepancy between real routing fees and service’s transaction fee can be exploited for a profit.” The researcher disclosed that he wanted to see how large the damage could be and said “it is bad.”
6 Lightning Network Custodial Services Attacked, Researcher Discloses Findings to Offenders Prior to Public Disclosure
A Redditor called Reckless Satoshi released a disclosure post on r/bitcoin this past Saturday and divulged how he had actually discovered a vulnerability with routing costs and a few of the Lightning Network’s custodial services. The research attack was done in good faith and after it was complete he disclosed the bugs to the offending services before publishing his findings. Reckless Satoshi utilized the Lightning Network (LN) attack on 6 various services consisting of Bitfinex, Muun, Okex, Lnmarkets, Southxchange, and Walletofsatoshi.
Reckless Satoshi said the attack was “cheap, but not free,” and a “simple attack.” After transferring funds into the custodial services, Reckless Satoshi utilized “a node that will be routing the payments between the custodial service and the receiving node.”
“If a positive net return is possible, then it is just a matter of optimizing the size of the fee collected and the transaction speed rate to see how big the damage could be,” Reckless Satoshi added. “It is easy to see how this attack must be feasible on any service with [a] free withdrawal fee.”
Reckless Satoshi likewise released his attack to the code repository website Github. After discussing how he positioned a node in the middle, the scientist included:
This is one of the simplest attacks. In truth, the only LN attack I can think about, however likewise I am simply a beginner in the procedure of knowing. I assume there are people out there much more capable of conducting this research. Who understands, possibly there have actually been substantial losses in the past that stay concealed.
Lightning Network Total Value Locked at $112 Million, Up Over 100% Since the End of July
The visitors who read Reckless Satoshi’s forum thread thanked him for conducting the research and disclosing the bugs to specific custodial LN providers. “I’m glad to see that people are not hacking/exploiting the system just for malicious purposes or to make quick profit out of it,” a specific composed in action to the disclosure. Moreover, a number of Redditors discussing Reckless Satoshi’s findings argued over what they should call the attack.
At the time of composing, the Lightning Network has actually seen its overall worth locked (TVL) slide by 9.3% throughout the last 24 hr. However, since July 20, 2021, the LN TVL jumped over 100% from $56 million that day to today’s (2,600+ BTC) $112 million TVL held in the Lightning Network. Much of the 9.3% TVL slide on LN is because of the current crypto market thrashing on Monday early morning, September 20, as the crypto economy has moved 9% in worth throughout the last 24 hr.
