Two Bitcoin researchers claimed that they found a way to steal funds on the Lightning Network. In an article titled “Raid and Plunder: A Systematic Attack on the Lightning Network,” researchers Jona Harris and Aviv Zohar claimed that in a possible attack, "hackers" could take advantage of a "bottleneck" in the system to empty wallets.
The Bitcoin Lightning Network is a payment channel layer on the Bitcoin blockchain. It promises to make transactions cheaper and faster. Since a transaction takes a long time to be fully confirmed, part of this work is done on the Lightning Network. Users in the network can send their payments through intermediate nodes. These nodes can also try to steal bitcoins, but the time window for doing so is very tight. To extend this window, attackers can increase the load by flooding the network.
Aviv Zohar's tweet:
Raid and Plunder: Our article evaluating a systemic attack on #LightningNetwork is now online. With @RealJonaHarris.
“Attack many victims at the same time and then steal money from the chaos that occurs”
tldr: attack many victims at once and steal money from channels in the ensuing chaos
Medium post: https://t.co/wA4dVhi7fN
Full Paper: https://t.co/U1Cmd8E2ac
– Aviv Zohar (@Avivz78) June 28, 2020
How is the attack done?
In the attack described by Harris, a graduate student at Israel Hebrew University, and Zohar, an associate professor, the hackers make requests for the victims' funds simultaneously and create a flood of load on the blockchain. Then they can remove the blockage they have created to steal undesired funds before the deadline.
Can it be prevented?
The two researchers found that attackers would have to attack 85 channels at the same time to make money. The researchers also showed that it is very easy to find unsuspecting victims. All a vulnerable node has to do is be willing to open a channel with an attacker.
"Most of the active nodes (about 95 percent) are willing to open a channel on demand, and this is enough to make them a victim in the attack," the researchers said in their article.
So is there a solution for these attacks? According to the two researchers, the things to be done are: preventing channels, reducing tight spaces, making it difficult for "hackers" to send spam to the network, and finding a way to spot hackers just before the attack.
Regarding possible solutions, the article said, “Of course this is not easy. The weaknesses used are inherent in the Lightning Network. So it's hard to avoid these attacks without making major changes.”