- Lightning developers have discovered a vulnerability in the project’s node software.
- The vulnerability does not seem to have been exploited yet.
- More details will be revealed by developers in the coming weeks.
Share this article
Developers have found a new vulnerability in the Bitcoin Lightning Network’s node software, according to a recently published disclosure notice.
Few Details Have Been Revealed
Lightning developer Conner Fromknecht disclosed the issue on Oct. 9 on the project’s mailing lists. The disclosure advises node operators to upgrade their software as soon as possible.
It is not clear how serious the vulnerability is. The disclosure does not reveal how the potential exploit works, though it does suggest that the vulnerability has not been exploited “in the wild. Furthermore, the bug has already been fixed: version 0.11 of the Lightning Network software solves the problem and was released in late August, which means that many Lightning node operators have already installed the fix.
However, the team notes that the vulnerability was discovered in such a way that the disclosure process has been shortened. Full details about the bug will be released on Oct. 20.
Lightning Labs also says that it will begin a “comprehensive bug bounty program” in the near future, meaning that there will be monetary rewards for those who discover future bugs.
Lightning Network Security in Question
The Lightning Network is a still-developing layer-2 payment protocol that operates on top of Bitcoin, enabling faster and cheaper transactions on the network.
This is the second time a vulnerability has been discovered in Lightning’s node software. Last year, Bitcoin developer Rusty Russell found a separate vulnerability that allowed attackers to steal funds by sending invalid transactions. Though Lightning Labs never announced how many users fell victim to the exploit, the team confirmed that the vulnerability was indeed exploited “in the…