A security hole in various versions of bitcoin’s Lightning Network software has been discovered and disclosed by developers. This could cause users to lose money if not updated. Bug that could cause loss of bitcoin disclosed by Lightning Network Developers.
If or how many users were affected, or bitcoin lost, remains uncertain.
Osuntokun warned in a developer mailing list:
“We’ve confirmed instances of the CVE being exploited in the wild.”
Adding that multiple Lightning node versions should be updated immediately, as they are vulnerable.
The goal of Lightning is to allow nearly minimal cost transactions with an experimental layer-two solution. This would make ordinary transactions, such as coffee purchases, feasible with bitcoin. Unfortunately, like any other code-based financial product, the presence of the bug proves the technology still has to be refined.
In the original post, Russell said:
“Security issues have been found in various lightning projects which could cause loss of funds……Full details will be released in 4 weeks (2019-09-27), please upgrade well before then.”
Osuntokun highlighted the fact that Lightning is still in its early stage:
“We’d also like to remind the community that we still have limits in place on the network to mitigate widespread funds loss……and please keep that in mind when putting funds onto the network at this early stage.”
Bug that could cause loss of bitcoin disclosed by Lightning Network Developers. Lightning Labs gave the cautionary advice even on the social networking website, Twitter. It reminded users that there is a possibility of losing their funds on the network. The tweet reads: “Don’t put more money on Lightning than you’re willing to lose!”
The affected versions of Bitcoin’s Lightning Network software include the following:
- LND releases 0.70 and below
- C-Lightning 0.70 and below
- éclair 0.3 and below