The newly discovered flaw allows hackers to steal funds from Lightning channels and could also affect the future p2p package relay.
Blockchain security developer Antoine Riard stepped back from the development of the Lightning Network shortly after a new severe vulnerability was found in the layer-2 payment protocol.
In a report published on GitHub, Riard outlined a scenario for stealing funds from the Lightning Network by exploiting “replacement cycling attacks,” a type of attack where malicious actors can replace an unconfirmed transaction with a different transaction.
Although “low-hanging fruit mitigations” can make these attacks harder to carry out, the new class of replacement cycling attacks “puts lightning in a very perilous position,” Riard noted. According to the developer, only a “sustainable fix,” such as a “consensus upgrade” in the Bitcoin network, can solve the issue.
However, Riard admitted that no replacement cycling attacks had been observed or reported for the past ten months.
“While neither replacement cycling attacks have been observed or reported in the wild since the last ~10 months or experimented in real-world conditions on bitcoin mainnet, functional test is available exercising the affected lightning channel against bitcoin core mempool.” - Antoine Riard
As the issue has yet to be resolved, Riard said he is halting his involvement with the development of the Lightning Network, including “coordinating the handling of security issues at the protocol level.” In the meantime, the developer plans to focus more on Bitcoin Core development.
The Bitcoin blockchain can only handle around seven transactions a second when the network performs at optimum speeds. However, this can be lower during periods of higher demand. This is where the Lightning Network comes in.
The Lightning Network is a secondary layer on top of the Bitcoin blockchain, designed to improve scalability. It takes some transaction load off the Bitcoin blockchain, helping to ensure faster processing. Since its launch, the Lightning Network has helped ease the transaction load on the Proof of Work network.