Bitcoin’s Lightning Network is being attacked

A handful of developers reported lightning nodes crashing, temporarily stopping them from sending payments using the technology designed for faster, cheaper bitcoin transactions.

The Lightning micropayment network has faced a strong DDoS attack in the end of march, which resulted in about 200 nodes being disabled. Crypto-enthusiasts attribute responsibility for the attack to the supporters of the failed SegWit2x fork.

The number of working nodes in the Lightning Network decreased from 1050 to 870, meaning that the DDoS attack resulted in failure of 20% of LN nodes.

The DDoS attack was revealed by Alex Bosworth, one of the Lightning Network developers. Lightning nodes are getting DDOS’ed, rumor is that someone from the 2x effort known as “BitPico” has taken credit for this.

The development comes as more and more users have started using lightning network to send real payments – albeit with some bumps along the way – and just a couple weeks after Lightning Labs, one of several startups building open-source lightning implementations, was the first to launch its product into live beta.

The attacks were a strange incident in that user funds were safe and money wasn’t being stolen. In fact, those, including bitPico, who are attacking the network might even be losing money.

Zero-day vulnerabilities are security holes that aren’t known to developers of a project. Usually, they are exploited by hackers in the hopes of stealing data before the vulnerability is patched.

But bitPico’s attacks, which started about 10 days ago, are all about stress-testing the software before more people start using it. And bitPico’s plan seems to be working – to a degree.

According to bitPico, 22 different attack vectors have been found, and the pseudonymous user plans to continue the attacks for another couple of weeks.

According to the owners of Lightning Network nodes, the attack was performed through the request of as many connections as possible. Thus the nodes are not able to open real new channels.

It is unknown who stands behind the BitPico group. BitPico became widely known last autumn when the organizers canceled the SegWit2x fork. BitPico group of an unknown number of bitcoin miners published a hostile letter, claiming to launch the SegWit2x fork despite its cancellation. They claimed that they owned about 30% of the capacity of the entire bitcoin network.

But the crypto community doubted that Bitpico had such computational power. BitPico accounts on GitHub and BitCoinTalk were created in September 2017, and in mid-September BitPico themselves claimed to own not 30%, but about 1.62% of the bitcoin network capacity.

But the attacks are ongoing, propagated by users like bitPico opening tiny payment channels – which they have to pay a fee for opening. (This is one way attackers are probably losing money in DoSing the network – though it costs less than a penny to do so.)

This is a problem in that the Lightning Labs client, for one, doesn’t yet allow nodes to disconnect from these spammy channels, thus slowing them down.

In the future, Bosworth hopes the Lightning Labs implementation will allow users to disconnect from suspect peers.

All this goes to show that while the lightning network is ready for real money for the first time – a big step, to be sure – there’s still a number of smaller issues that need to be resolved before it will be ready for everyday, non-technical users.

Leave a Reply

Your email address will not be published. Required fields are marked *