Lightning Labs and ACINQ technical director Olaoluwa Osuntokun confirmed cases of practical exploitation of a vulnerability in the Lightning Network protocol, the existence of which became known in late August.
In a message on the Linux Foundation portal, Osuntokun noted that cases of exploitation of the vulnerability from the Common Vulnerabilities and Exposures database had indeed been recorded, and again reminded users of the need to update clients to the latest version.
Representatives of Lightning Labs issued the same notification. The following releases are vulnerable:
LND version 0.7 and below;
c-lightning version 0.7 and below;
eclair version 0.3 and below.
At the same time, representatives of the payment processing service BTCPay Server noted that client version 220.127.116.11 and later are not affected, because support for LND 0.7.1 and c-lightning 0.7.2 was added some time ago.
BTCPay Server instances running v18.104.22.168 and up are not vulnerable as we bumped both LND (0.7.1) and c-lightning (v0.7.2) a while ago.
If you’re using Lightning and running an outdated version, update your instance from Server Settings > Maintenance > Update. https://t.co/H3YkswEq8Z
— BTCPay Server (@BtcpayServer) September 10, 2019
Lightning Labs developers also noted that it was not in vain that limits were established on the amounts that can be placed in payment channels.
«There will be bugs. Do not put more on the Lightning Network than the amount that you are willing to lose.»
This is also a great time to remind folks that we have limits in place to mitigate widespread loss of funds at this early stage. There will be bugs.
Don’t put more money on Lightning than you’re willing to lose!
Lightning Labs⚡ (@lightning) September 10, 2019
As a reminder, the vulnerability, which can lead to loss of funds, was initially reported by Blockstream developer Rusty Russell. Representatives of these projects urgently released software updates, urging all users to install them.