Lightning Network (LN) node operators that may be running LND versions released before the October 1, 2020 version 0.11 update are now being asked to immediately upgrade their software. This, after a potentially serious vulnerability was recently identified in the source code of the protocol.
According to a report, this particular vulnerability might affect all LND versions 0.10 (and earlier versions). The issue was made public on October 9, 2020 by Lightning Network (LN) protocol engineer Conner Fromknecht, who’s the head of cryptographic engineering at Lightning Labs – which is a company that raised $10 million through a Series A round in May 2020 to build the next generation of decentralized, resilient financial infrastructure.
“While we have no reason to believe these vulnerabilities have been exploited in the wild, we strongly urge the community to upgrade to lnd 0.11.0 or above ASAP.”
“The full details of these vulnerabilities will be disclosed on October 20, 2020. The circumstances surrounding the discovery resulted in a compressed disclosure timeline compared to our usual time frames. We will be publishing more details about this in the coming weeks along with a comprehensive bug bounty program.”
Olaoluwa Osuntokun, CTO at Lightning Labs, has confirmed last year that there had been instances of Common Vulnerabilities and Exposures (CVE) “being exploited in the wild.”
Researchers also cautioned LN users earlier this year that the privacy issues or vulnerabilities in the LN protocol could potentially expose or compromise certain financial details of Bitcoin (BTC) transactions that were private when using the original BTC protocol and blockchain.
At present, Blockstream, Lightning Labs, and ACINQ are the main organizations that are focused on making improvements and updates to the LN protocol.
The LN is not really a new development. Crypto and blockchain developers have been working on the second-layer payment solution for many years and it seems like not much has changed over the past two years.
Andreas Brekken, owner of crypto review website Shitcoin.com, had noted in 2018 that he had been experimenting with Lightning Labs’ LN by staking 35 bitcoins on the network.
Brekken’s fairly stake amount had given him control over 49% of the LN at that time. It was at that point that Brekken realized that it wasn’t too hard to set up an LN node, but he also learned that the LN network was not very efficient or effective at handling BTC transactions. He had provided a detailed report of his findings.
Brekken had noted at that time:
“Sending payments using the Lightning Network is cheaper than the regular Bitcoin network, but suffers from routing errors and wallet bugs that make it impractical even for highly technical users.”
However, there are companies such as OpenNode that continue to work on improving the infrastructure needed to support Bitcoin payments. But even if we don’t use the more technical LN protocol to expedite payments, sending and receiving regular BTC payments is still quite technical for many users.