A Second Lightning Network Exploit by ‘Burak’ Has Occured
In less than a month, Bitcoin’s Lightning Network has twice experienced downtime. The exploit was initiated by a single user who had a non-standard Bitcoin transaction included in a block, which led to a consensus conflict. The user is popularly known as “Burak” on crypto Twitter, with the Twitter handle @brqgoo.
According to rumors, Burak paid $700 to F2Pool, one of the largest Bitcoin mining pools, to insert his non-standard transaction into one of F2Pool’s blocks. In the transaction, he embedded a message which read “you’ll run CLN and you’ll be happy.” CLN stands for Core Lightning Network, and is a Lightning Network implementation and an alternative to LND, Lightning Network Daemon. Burak’s exploit affected only LND nodes while CLN nodes were unaffected.
Burak’s attack on LND is the second in a month. In October, Burak tweeted “I just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees.” The transaction Burak referred to in his tweet unsynced Lightning Network, which made Lightning Network miss producing one block.
Accompanying Burak’s second attack a day ago is a tweet he made which read “sometimes to find the light, we must first touch the darkness.” He has been labeled as a malicious attacker in some quarters while others see him as a regular guy stress-testing and exposing the weakness of the Lightning Network. Rene Pickhardt, a Bitcoin and Lightning Network developer and educator, said that while he ran only CLN nodes, which were unaffected, the attack showed that there is no guarantee that CLN nodes could not be exploited in the future due to bugs which may not be apparent at the moment.
Ouch! The power of hackers…
Today we witness why developers often say using the #LightningNetwork is #reckless.
While I am happy today to run CLN I cannot guarantee there won't be bugs either that could be exploited.
Good luck everyone! https://t.co/aqvsUwr5yt
— Rene Pickhardt (@renepickhardt) November 1, 2022
Lighting Labs, developers of the Lightning Network and its related software, quickly acknowledged the bug which led to Burak's exploit and released a hotfix within hours on Lightning Labs Github.
What is Lightning Network and Why is it Important for Bitcoin?
The Lightning Network is Bitcoin’s scalability solution. Over the years, as Bitcoin gained popularity, the Bitcoin network became slow, and the transaction fees got high. To allow Bitcoin to scale (process a higher number of transactions per second with lower fees), the Lightning Network was developed. The Lightning Network is a Layer-2 scaling solution. In blockchain technology, Layer-2 solutions are built on top of the main blockchain network but are not an inherent part of it.
The Lightning Network is built on top of the Bitcoin network and is separate from the Bitcoin network but interacts with it. With the Lightning Network, transactions can be conducted between parties off the blockchain. These “off the blockchain” transactions are also called off-chain transactions. It is estimated that the Lightning Network can process millions of transactions per second; Bitcoin can process a maximum of seven transactions per second.
On the Bitcoin network, each block contains a limited number of transactions. When the current block is full, incoming transactions are queued to be added to subsequent blocks. The next available block could “arrive” in a few minutes, hours or even days. In cases where the queue is large, transactions on the network take much time before it is their turn to be added to a block. This has caused latency in the Bitcoin network and has hampered the possibility of Bitcoin becoming a widely used medium of exchange.
On the Lightning Network, transactions are processed via peer-to-peer payment channels. Each payment channel acts as a ledger; payment channels keep records of transactions between two parties until the channel closes. When a transaction is initiated on the Lightning Network, the main blockchain records the opening of the payment channel. Multiple transactions can be performed on an open payment channel without the need to interact with the main blockchain. The payment channel keeps a record of all transactions and creates a balance sheet. The payment channel can then be closed at any time by either party of the peer-to-peer transaction. On the closure of the payment channel, the main blockchain records the final value in the balance sheet, after it has been validated by miners.
In the Lightning Network Layer-2 solution, only the opening and closing of a payment channel are recorded on the blockchain. The Lightning Network is still being improved upon. Fast transaction processing and low fees provided by Layer-2 blockchain solutions are very vital for the mass adoption of cryptocurrencies.