Square developer finds Bitcoin Lightning Exploit

In a thread that spanned both Bitcoin Lightning and the Bitcoin developer mailing lists, Matt Corallo, co-founder of Blockstream - and more recently Square Crypto Hire - revealed a potential attack vector from Lightning Network.

The Lightning Network, which acts as the second layer for the scaling problem, aims to improve the privacy, speed and cost of Bitcoin transactions. However, as the development is not yet complete, some problems are gradually emerging.

When considering a new aspect of the Lightning Network transaction mechanism, Corallo encountered an exploit that would theoretically allow users to extract funds held under the hash-time-locked contract or HTLC.

HTLCs are essentially smart contracts that require payees to confirm the transaction by generating cryptographic evidence of the payment or by completely foregoing the ability to request payment. If payment is not confirmed, the sender can request a refund.

The attack allows recipients to refuse to send this refund to the sender. Corallo suggests several corrections for this, but also says that none of them are particularly simple or “reasonable”.

Nonetheless, the developer notes that this is not an urgent problem as it is impractical to pull off the exploit. But given that only a tenth of the Lightning Network nodes contain 80 percent of Bitcoin , the exploit could cause more problems than initially thought.

Corallo's unveiling takes place just a few weeks after several researchers uncovered fundamental privacy flaws within the Bitcoin Lightning Network. After numerous attacks on the network, the researchers were able to analyze transaction movements and amounts as well as their senders and recipients.

At this point, however, one should not forget that the Bitcoin Lightning Network is still under development. It will probably take a few more years before you can speak of a secure and user-friendly protocol.