University of Illinois researchers have discovered a vulnerability in Bitcoin’s most popular second layer scaling protocol, the Lightning Network. Cosimo Sguanci and Anastasios Sidiropoulos published an academic paper describing a hypothetical attack based on a collusion of node operators. At the time of publication, they estimated that a coalition of 30 nodes could steal 750 bitcoin ($17 million).
The researchers explain how a malicious group could control a certain number of nodes and render channels unresponsive in a so-called zombie attack.
- A zombie attack occurs when a set of nodes becomes unresponsive, locking funds in any channel connected to those nodes.
- In order to defend against a zombie attack, honest nodes must close their channels and exit the Lightning Network. This requires high transaction fees to settle onto Bitcoin’s base layer blockchain.
- The researchers called zombie attacks a form of vandalism. It renders Lightning Network channels unusable and congests Bitcoin’s throughput.
Zombie attacks have some elements in common with griefing attacks, in which a digital asset network gets spammed by “nuisance” transactions or invalid challenges.
Like griefing attacks, zombie attacks appear to serve no purpose other than driving up transaction fees and frustrating senders of legitimate transactions. They can also frustrate owners of legitimate nodes who lose the fees they earn from servicing Lightning Network transactions.
Researchers describe another Lightning Network vulnerability
The researchers also described another vector for attacking Bitcoin’s Lightning Network: a coordinated, double-spend attack.
This attack would also require collusion between several dozen large nodes. This attack attempts to overload Bitcoin’s base layer blockchain by submitting a flood of fraudulent closing transactions for a large number of Lightning Network channels. If the attackers paid high fees and jumped ahead in the queue, they might be able to double-spend bitcoin.
To defend against this mass double-spend attack, honest nodes would have to submit so-called justice transactions, disputing fraudulent channel closing requests.
In this way, the attackers would race against honest nodes to convince Bitcoin miners to include their fraudulent transactions before the justice transactions. If honest nodes could not pay miners enough to include their justice transactions first, the attackers would win.
Watchtowers are critically important to Lightning Network security
The double-spend attack requires a poorly maintained configuration of one’s Lightning Network watchtower. Watchtowers log the state of the publicly viewable Lightning Network at all times. Watchtowers are designed to store data that is used in justice transactions to prove that someone lied or signed a fraudulent channel closing request.
The Lightning Network Daemon (LND) includes an optional private altruistic watchtower that users can configure manually. These watchtowers will return the victim’s funds without taking an extra cut ⏤ besides the transaction fee ⏤ if they detect a possible attack. A Lightning Network development team is also working on reward watchtowers that will collect additional fees for performing even more duties.
The researchers modeled the effectiveness of a mass exit attack by graphing historical congestion on the Bitcoin network. They theorized that a mass exit attack during a congestion spike that started on December 7, 2017 would have had devastating effects on its victims.
Researchers flag problems, encourage better security practices
In conclusion, the researchers believe that both Lightning Network vulnerabilities are unresolved today. In terms of priority, a mass double-spend attack is more likely to be profitable than a zombie attack.
The research paper warned that the severity of a mass double-spend attack will escalate as the Lightning Network matures. Victims would lose more funds, channels would experience lengthier delays, and the reputation of the protocol would risk jeopardy.
The researchers suggested defenses like increasing the to_safe_delay variable in watchtower configurations, which adds extra fees for waiting longer if a user decides to close a channel without any response from their counterparty.
The researchers also recommended reconfiguring watchtowers to monitor Bitcoin’s mempool for adversarial transactions.
The paper suggested a more detailed study of the two types of mass exit attacks. To their credit, the University of Illinois researchers indeed found a previously undetected vulnerability in Bitcoin’s Lightning Network. Their research will help to improve the open source protocol, thousands of node operators, and millions of users.