LIGHTNING ATTACKED: 'You can lose all your Bitcoin' | Micky

   2019-09-11 00:09

Lightning Labs has warned users they face the loss of all of their Bitcoin if they use the Lightning Network currently.

“Don’t put more money Lightning than you’re willing to lose” is not a message that inspires confidence among users or adoption from new users.

But that’s exactly what Lightning Labs tweeted just hours ago an ominous warning to users.



They also said: “This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs.”

How it went down

The struggling Lightning Network is a second layer solution that allows users to send money instantly and with low fees off the main Bitcoin blockchain.

Back on August 30, a message from Lightning dev Rusty Russell went out to a developer mailing list warning that multiple Lightning node versions were vulnerable and needed to be updated immediately:

“Security issues have Security issues have been found in various lightning projects which
could cause loss of funds.

Full details will be released in 4 weeks (2019-09-27), please uprade well before then.”

He didn’t reveal the exact details of the vulnerability to avoid tipping off malicious actors, but apparently they didn’t have too.

CTO of Lightning Labs admits exploits

Olaoluwa Osuntokun, CTO of startup Lightning Labs

Olaoluwa Osuntokun, CTO of startup Lightning Labs

Olaoluwa Osuntokun, CTO of startup Lightning Labs

In the past 24 hours Olaoluwa Osuntokun, CTO of startup Lightning Labs, has confirmed that the vulnerability has been exploited a number of times with a consequent loss of funds.

“We’ve confirmed instances of the CVE being exploited in the wild,” he wrote.

If you’re not on the following versions of either of these implementations (these
versions are fully patched), then you need to upgrade now to avoid risk of funds loss:
* lnd v0.7.1 — anything 0.7 and below is vulnerable
* c-lightning v0.7.1 — anything 0.7 and below is vulnerable
* eclair v0.3.1 — anything 0.3 and below is vulnerable”

No details are yet available on how many users have been affected or how much funds have been stolen.

However, Lightning is still in its infancy with very little staked (and terrible returns), so it’s unlikely to be a huge amount at this stage.


Original Source


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin10,145 0.09 % 2.75 % 2.43 %
Ethereum217.44 0.25 % 5.05 % 20.25 %
XRP0.2954 0.09 % 0.40 % 16.33 %
Bitcoin Cash317.87 0.15 % 2.58 % 5.92 %
Litecoin75.49 0.06 % 1.46 % 9.10 %
EOS3.910 0.08 % 0.57 % 4.63 %
Tether0.9996 0.07 % 0.07 % 0.17 %
Binance Coin21.29 0.47 % 2.56 % 2.38 %
Bitcoin SV122.55 0.33 % 1.68 % 3.12 %
Cardano0.05202 0.36 % 0.39 % 14.69 %
Stellar0.07872 0.96 % 5.33 % 41.26 %
Monero76.46 0.26 % 2.76 % 1.99 %
TRON0.01735 0.18 % 2.16 % 17.14 %
LEO Token1.080 0.36 % 1.05 % 1.37 %
Huobi Token4.090 0.29 % 0.81 % 0.78 %
Dash97.47 1.12 % 6.36 % 14.88 %
Tezos1.070 0.41 % 2.72 % 5.59 %
OKB2.760 0.11 % 0.30 % 0.62 %
IOTA0.2923 0.93 % 3.92 % 23.48 %
Cosmos3.190 1.00 % 3.61 % 2.32 %