Lightning Network’s Vulnerability Exposes Users to Loss of Funds

Lightning Network’s Vulnerability Exposes Users to Loss of Funds

A developer of Bitcoin’s Lightning Network, Rusty Russell today, announced that the Network is currently facing some security challenges which “could lead to a loss of funds.” The announcement was made via a blog post on Lightning Network’s Common Vulnerabilities and Exposure page and affected users have been advised to upgrade to a newer version immediately to avoid loss of funds.

Users Should Have Upgraded Since

According to the blog post, more details on the security issues will be announced four weeks from today but everyone on the Lightning Network should have upgraded by then.

The blog post readsSecurity issues have been found in various lightning projects which could cause loss of funds. Full details will be released in 4 weeks (2019-09-27), please upgrade well before then.” A new Lightning Network version 0.72 ‘Nakamoto’s pre-approval by US Congress’ which supposedly does not contain any of these vulnerabilities was released on the 20th of August.

twitter
Source: Twitter

The affected nodes CVE Nodes are:

CVE-2019-12998 c-lightning <0.7.1

CVE 2019-12999 lnd < 0.7

CVE-2019-13000 éclair <= 0.3

A quick search revealed that the affected CVE’s have all been reserved. One of them reads:

“This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided”

No one seems to be sure about what exactly is going on with the Lightning Network and how compromised users might be as Russell says full details of the attack won’t be released until the 27th of September. For now, everyone on the Lightning Network has been advised to upgrade to the uncompromised 0.7.2 version.

Some users on Reddit and Twitter have suggested that the reason behind the surrounding ‘secrecy’ and withholding more information which the network appears to be doing, is to ensure people do not take advantage of or abuse the vulnerability.

Most security updates usually come without more information until a later time, in other to provide the network with sufficient time to solve the problem while also being transparent with users and keeping them out of harm’s way.

Summary
Lightning Network’s Vulnerability Exposes Users to Loss of Funds
Article Name
Lightning Network’s Vulnerability Exposes Users to Loss of Funds
Description
A developer of Bitcoin’s Lightning Network, Rusty Russell today, announced that the Network is currently facing some security challenges which “could lead to a loss of funds.”
Author
Publisher Name
Coingape
Publisher Logo
Coingape is committed to following the highest standards of journalism, and therefore, it abides by a strict editorial policy. While CoinGape takes all the measures to ensure that the facts presented in its news articles are accurate.
Disclaimer The views, opinions, positions or strategies expressed by the authors and those providing comments are theirs alone, and do not necessarily reflect the views, opinions, positions or strategies of CoinGape. Do your market research before investing in cryptocurrencies. The author or publication does not hold any responsibility for your personal financial loss.
Author: Ikpeme Victoria

Victoria is a Nigerian journalist and entrepreneur with a background in Communications. She’s interested in writing about Cryptocurrency, Blockchain and Humans. She owns a tad bit of BTC and ETH and her favorite thing to do is sit by the ocean listening to Beyoncé. You can catch her on Twitter @veekietoria and LinkedIn or mail her at victoria [at] coingape.com

Post your comment...
Ikpeme Victoria 9 Articles

Victoria is a Nigerian journalist and entrepreneur with a background in Communications. She’s interested in writing about Cryptocurrency, Blockchain and Humans. She owns a tad bit of BTC and ETH and her favorite thing to do is sit by the ocean listening to Beyoncé. You can catch her on Twitter @veekietoria and LinkedIn or mail her at victoria [at] coingape.com

Follow Ikpeme @