Fun

Custodial Lightning Network Service Attack Discovered by LN ‘Newbie’ — Hacker Strikes 6 LN Custodians

News Feed - 2021-09-21 06:09:52

Custodial Lightning Network Service Attack Discovered by LN "Newbie" — Hacker Strikes 6 LN Custodians


On September 18, a Redditor posted to the r/bitcoin forum and explained how he discovered a way to “attack [the] lightning Network’s custodial services.” The Reddit account dubbed “Reckless Satoshi” wanted to figure out if a “discrepancy between real routing fees and service’s transaction fee can be exploited for a profit.” The researcher disclosed that he wanted to see how large the damage could be and said “it is bad.” 6 Lightning Network Custodial Services Attacked, Researcher Discloses Findings to Offenders Prior to Public Disclosure


A Redditor called Reckless Satoshi published a disclosure post on r/bitcoin this past Saturday and disclosed how he had found a vulnerability with routing fees and some of the Lightning Network’s custodial services. The research attack was done in good faith and after it was complete he disclosed the bugs to the offending services before publishing his findings. Reckless Satoshi used the Lightning Network (LN) attack on six different services including Bitfinex, Muun, Okex, Lnmarkets, Southxchange, and Walletofsatoshi. The Reddit post published by Reckless Satoshi on September 18, 2021.


Reckless Satoshi said the attack was “cheap, but not free,” and a “simple attack.” After depositing funds into the custodial services, Reckless Satoshi used “a node that will be routing the payments between the custodial service and the receiving node.” The attack’s parameters according to the Github code published by Reckless Satoshi.


“If a positive net return is possible, then it is just a matter of optimizing the size of the fee collected and the transaction speed rate to see how big the damage could be,” Reckless Satoshi added. “It is easy to see how this attack must be feasible on any service with [a] free withdrawal fee.”


Reckless Satoshi also published his attack to the code repository site Github. After explaining how he placed a node in the middle, the researcher added: This is one of the simplest attacks. In fact, the only LN attack I can think of, but also I am just a newbie in the process of learning. I assume there are people out there much more capable of conducting this research. Who knows, maybe there have been sizable losses in the past that remain undisclosed. Lightning Network Total Value Locked at $112 Million, Up Over 100% Since the End of July


The visitors who read Reckless Satoshi’s forum thread thanked him for conducting the research and disclosing the bugs to specific custodial LN providers. “I’m glad to see that people are not hacking/exploiting the system just for malicious purposes or to make quick profit out of it,” an individual wrote in response to the disclosure. Moreover, a number of Redditors discussing Reckless Satoshi’s findings argued over what they should call the attack. The Lightning Network total value locked (TVL) on Monday, September 20, 2021, according to defipulse.com stats.


At the time of writing, the Lightning Network has seen its total value locked (TVL) slide by 9.3% during the last 24 hours. However, since July 20, 2021, the LN TVL jumped over 100% from $56 million that day to today’s (2,600+ BTC) $112 million TVL held in the Lightning Network. Much of the 9.3% TVL slide on LN is due to the recent crypto market rout on Monday morning, September 20, as the crypto economy has slid 9% in value during the last 24 hours.


What do you think about the Lightning Network attack described by the Redditor Reckless Satoshi? Let us know what you think about this subject in the comments section below. Largest NFT Market by Volume Opensea Launches Smartphone Application NEWS | 11 hours ago JPMorgan Strategist Estimates Ether"s Fair Value at $1,500 Amid Competition From "Ethereum Killers" NEWS | 16 hours ago Tags in this story $112M TVL, 6 offenders, Attack, BitFinex, bug, Hacker, lightning network, ln, LN bug, LN hack, LN Newbie, LN Services, Lnmarkets, Muun, Node in the middle, Okex, Profit, Reckless Satoshi, Routing fees, Southxchange, The Lightning Network, Vulnerability, Walletofsatoshi.


Image Credits: Shutterstock, Pixabay, Wiki Commons, defipulse.com Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments

News Feed

Derek Andersen3 hours agoVoyager customers targeted by scammers during 30-day withdrawal period: ReportPhony websites offered customers a premium for claiming through them. In reality, they drained customers’ wallets.9
Brayden Lindrea5 hours agoBitcoin pioneer Hal Finney can’t be Satoshi Nakamoto, new analysis suggestsThe investigator, Jameson Lopp, compiled archived emails from 2010, data from a 10-mile race in California in 2009 an
‘Persistent inflation’ will be key in Bitcoin’s run to $200K — Crypto fund manager
Ivan Zhelev5 hours ago‘Persistent inflation’ will be key in Bitcoin’s run to $200K — Crypto fund manager“Unsustainable budget deficits” and “persistent inflation” have HashKey Capital analysts predicting
Moledao Launches Pioneering Web 3.0 Hackathon on the Metaverse
Moledao Launches Pioneering Web 3.0 Hackathon on the Metaverse press release PRESS RELEASE. Moledao, a social platform for blockchain enthusiasts, announced today its upcoming Web 3
‘DNA-of-Things’ Technology Can Store Bitcoin Passwords in Everyday Objects
‘DNA-of-Things’ Technology Can Store Bitcoin Passwords in Everyday Objects Talk of bitcoin passwords being encoded and stored in synthetic DNA is not new, but in a recent dev
Binance Sued by CFTC for Alleged Violations of Trading and Derivatives Rules
Binance Sued by CFTC for Alleged Violations of Trading and Derivatives Rules The world’s largest crypto exchange by trade volume, Binance Holdings Ltd., has been sued by the
Mastercard Files 15 Trademark Applications for a Wide Range of Metaverse, NFT Services
Mastercard Files 15 Trademark Applications for a Wide Range of Metaverse, NFT Services Mastercard has filed 15 trademark applications covering a wide range of services relating to
Bitcoin’s Mining Difficulty Taps a Lifetime High, Glassnode Says BTC Miners Remain ‘Under Immense Pressure’
Bitcoin"s Mining Difficulty Taps a Lifetime High, Glassnode Says BTC Miners Remain "Under Immense Pressure" On Sunday, Nov. 20, 2022, Bitcoin’s difficulty rise erased the re
Best Cryptocurrencies to Buy as Trump’s WLFI Increases Holdings in $WBTC and $MOVE
Este artículo también está disponible en español. World Liberty Financial, Trump’s crypto company, is making moves again. It
Are politicians using crypto to influence the US elections?
Andrew Singer8 hours agoAre politicians using crypto to influence the US elections?In a fraught election year, crypto-user demographics are aligning with those of highly sought “swing voters,” says a TCU researcher.6
0 Security Breach. 0 Token Loss.
0 Security Breach. 0 Token Loss.BigONE is a global cryptocurrency trading and custody platform founded in 2017, clad in four principles – Integrity, Security, Professionalism,
Hashflow (HFT) Announces the List on Cryptocurrency Trading Platform MEXC and Binance on November 7
Hashflow (HFT) Announces the List on Cryptocurrency Trading Platform MEXC and Binance on November 7 press release PRESS RELEASE.MEXC Global will list Hashflow on November 7, 13:00(U