Lightning Network vulnerable to Flood & Loot attack, which can devastate bitcoin wallets
Two bitcoin researchers said they had found a way to steal coins from the Lightning Network.
In the article «Flood & Loot: A Systematic Attack On the Lightning Network», which studies a systematic attack on the Lightning Network, the researchers Jona Harris and Aviv Zohar of the Hebrew University of Jerusalem, Israel, found that attackers can exploit weaknesses in the system to withdraw funds from wallets.
How does the attack on the Lightning Network work?
The Lightning Network is a payment protocol that runs on top of the Bitcoin blockchain. It is intended to make transactions quicker and cheaper by relying on partial confirmation, since full confirmation of a transaction can take a long time.
Lightning Network users can send payments through intermediary nodes. These nodes may try to steal bitcoins, but they have only a short window of time in which to do so. However, hackers can lengthen that window by flooding the blockchain.
In the attack described by the two researchers, «the attacker makes many victims, at the same time, send a lot of claims to the blockchain to receive their funds. Then he can use the resulting overload to steal funds that were not claimed before the deadline».
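As an added illustration (not code from the article or from the researchers' paper), the Python sketch below models the overload described above from a node operator's point of view: how many simultaneous claims are still unconfirmed when the deadline passes, and how long the claim window would have to be to clear them. Block capacity, fee rates and background traffic are constructed assumptions, as is the premise that a claim's fee rate is fixed in advance.

```python
# Toy block-space model of the congestion described in the article.
# Every number passed in is a constructed assumption, not a measurement.

def unclaimed_at_deadline(n_claims, claim_feerate, deadline_blocks,
                          slots_per_block, bg_per_block, bg_feerate):
    """Return how many claims are still unconfirmed after deadline_blocks.

    Each block holds slots_per_block transactions. Background traffic
    (bg_per_block new transactions per block) competes for the same
    slots, and miners serve the higher fee rate first. Claims are
    assumed to carry a fixed fee rate that cannot be raised later.
    """
    pending_claims, pending_bg = n_claims, 0
    for _ in range(deadline_blocks):
        pending_bg += bg_per_block
        if bg_feerate > claim_feerate:
            bg_taken = min(pending_bg, slots_per_block)
            claims_taken = min(pending_claims, slots_per_block - bg_taken)
        else:
            claims_taken = min(pending_claims, slots_per_block)
            bg_taken = min(pending_bg, slots_per_block - claims_taken)
        pending_bg -= bg_taken
        pending_claims -= claims_taken
    return pending_claims


def min_safe_deadline(n_claims, claim_feerate, slots_per_block,
                      bg_per_block, bg_feerate, max_blocks=2016):
    """Smallest deadline (in blocks) that lets every claim confirm.

    Returns None if the claims never clear within max_blocks, which
    happens when higher-paying background traffic fills every block.
    """
    for d in range(1, max_blocks + 1):
        if unclaimed_at_deadline(n_claims, claim_feerate, d,
                                 slots_per_block, bg_per_block,
                                 bg_feerate) == 0:
            return d
    return None


if __name__ == "__main__":
    # Constructed scenario: 20 slots per block, 3-block claim window.
    for burst in (20, 60, 100, 200):
        late = unclaimed_at_deadline(burst, 10, 3, 20, 15, 50)
        need = min_safe_deadline(burst, 10, 20, 15, 50)
        print(f"{burst:4d} simultaneous claims: {late:4d} miss a "
              f"3-block deadline; window needed = {need} blocks")
```

The funds at risk in this model are exactly the claims counted as late, so the output shows how exposure grows with the size of the burst and shrinks with a longer claim window.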
Is it possible to prevent the attack?
The researchers found that the attacker must attack 85 channels at the same time to make money. Finding victims is easy enough. All affected nodes must be «ready to open a channel» with the attacker.
«We found that the vast majority of active nodes (~95%) are ready to open a channel on request, and therefore at risk of becoming victims of our attack,» they wrote.
How can the problem be solved? The suggested measures are to close channels, eliminate weaknesses, make spamming harder for hackers, and develop a way to detect hackers before the attack.
However, they also added:
«We believe that the exploited vulnerability is largely tied to the way [Lightning works], and therefore it is impossible to completely avoid the attack without major changes».
Before publishing the study, the authors shared their results with the developers of the three main Lightning implementations. It still has to be worked out whether protection against the attack can be developed.