New types of attacks can steal funds from LN payment channels

Written by ekrem, 3 years ago

Researchers at the Hebrew University found that "a systematic attack on the Lightning Network can steal funds locked in payment channels." Through this attack, "the attackers force many victims to immediately cash out their funds to the network."

Lightning Network is vulnerable to systematic Flood & Loot attacks

However, supporters of the Lightning Network (LN), the second-layer, off-chain payment solution, believe that 2020 has not been an ideal year for the stagnant BTC scaling problem. At the start of the new year, the LN torch was stolen. Soon after, a company dedicated to building a capital channel system admitted that it wanted LN to be "like Visa." Shortly after the network celebrated its 5th anniversary, university researchers from Luxembourg, Norway, the United Kingdom, and the United States concluded that privacy deficiencies are unique to its design.

Then recently, Square Crypto open source engineer Matthew Corallo disclosed an attack on the Lightning Network that amounts to "a new method of stealing money from LN nodes." Last month, the Ethereum DeFi project was found to hold 4 times the amount of BTC locked in the Lightning Network. BitPay, one of the best-known crypto debit card service providers, announced that it will not support the second-layer solution (Lightning Network). If this is not enough to explain the Lightning Network's predicament this year, early this month a Bitcoin Core developer affiliated with Chaincode Labs demonstrated a time-dilation attack. The developer said: "It seems that it is currently the most practical way to steal funds through the Eclipse attack. The reason is because it does not require computing power to access attacks, nor just attacks against merchants."


"A topology example showing the attacker's node and the channel he shares with the victim", excerpted from "Flood & Loot: System Attacks on the Lightning Network".

Now, researchers from the Hebrew University of Jerusalem, Jona Harris (Master of Science) and Aviv Zohar, an associate professor in the School of Engineering and Computer Science (also the chief scientist of QED-it), have published their latest research, which shows a Lightning Network vulnerability they call the "Flood & Loot attack". "The consequences of the attack depend on the choice of the Lightning Network attacker and the way the Lightning Network is implemented," Harris and Zohar explained, showing that "if there are 85 channels that are simultaneously attacked, it is enough to ensure that the attacker succeeds in the attack and obtains funds for the Lightning Channel. (And this assumes that there is no other blockchain space for competition; in fact, this is already a very optimistic assumption.)"

They warned cautiously that their "attack may lead to the theft of innocent users' funds. It is best not to try to use the Lightning Network." "And unfortunately, there has been no obvious change to the protocol to completely eliminate it. Currently, the results of this work have been shared with the developers of the three main Lightning implementations," Harris and Zohar further pointed out. In essence, the attack works through Hash Time-Locked Contracts (HTLCs): the attackers control two nodes and load them with HTLC payments. When the attacker requests a funds transfer, they will be rejected. With this many unresolved HTLC payments, the victim, no matter how hard they try to reduce them, is unlikely to recover the funds.
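The block-space limit behind the 85-channel figure can be modelled from a node operator's side. The following Python is an added example, not code from the article, the paper, or any Lightning implementation; the function name, the 703-weight-unit claim size and the 6-block timeout are assumptions, so the numbers illustrate the mechanism rather than reproduce the paper's result.

```python
import heapq

BLOCK_WEIGHT = 4_000_000  # Bitcoin consensus limit on block weight (weight units)
CLAIM_WEIGHT = 703        # assumption: weight of one HTLC claim tx (BOLT 3 HTLC-success)
MAX_HTLCS = 483           # BOLT 2 cap on pending HTLCs per channel direction


def unclaimed_htlcs(channels, block_share=1.0):
    """Count HTLC claims that are still unconfirmed when their timeout passes.

    channels: list of (pending_htlcs, blocks_until_timeout), one per closed channel.
    block_share: fraction of every block the victims' claims manage to occupy.
    Claims confirm earliest-deadline-first, which is the best case for the victims.
    """
    if not 0 < block_share <= 1:
        raise ValueError("block_share must be in (0, 1]")
    per_block = int(BLOCK_WEIGHT * block_share) // CLAIM_WEIGHT
    queue = [(deadline, count) for count, deadline in channels if count > 0]
    heapq.heapify(queue)
    height = lost = 0
    while queue:
        height += 1
        room = per_block
        # Claims whose timeout has already passed can no longer be enforced.
        while queue and queue[0][0] < height:
            lost += heapq.heappop(queue)[1]
        # Fill the remaining block space with the most urgent claims.
        while queue and room:
            deadline, count = heapq.heappop(queue)
            done = min(count, room)
            room -= done
            if count > done:
                heapq.heappush(queue, (deadline, count - done))
    return lost


if __name__ == "__main__":
    # Constructed scenario: the article's 85 channels, each full of HTLCs,
    # all timing out 6 blocks after the close (the 6 is an assumption).
    flooded = [(MAX_HTLCS, 6)] * 85
    print(unclaimed_htlcs(flooded))                   # 6921 with whole blocks
    print(unclaimed_htlcs(flooded, block_share=0.5))  # 23991 with half of each block
    print(unclaimed_htlcs([(MAX_HTLCS, 6)] * 10))     # 0: small exposure fits in time
```

Lowering `block_share` models competition for block space, which the researchers' quoted caveat says their estimate leaves out.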

The development problems of the Lightning Network are frequent, and the launch of large-scale applications is still far away.


Comments

Sources would be welcome.

3 years ago