Lightning Network is vulnerable to DdoS attack - Research
|- The researchers revealed a major vulnerability of the Lightning Network.
- The attack is fairly easy to implement, both technically and financially.
A new vulnerability discovered in the Lightning Network. The cost of the attack does not exceed $2000.
Researchers discovered that the Lightning Network is vulnerable to DoS attacks. At this stage, they are very easy to implement, and may result in slowing down or even stopping 80% of all transactions, they warned.
The vulnerability was described by Saar Tochner, Aviv Zohar (Hebrew University of Jerusalem) and Stefan Schmid (University of Vienna).
"This paper identified a novel attack on off-chain networks which introduces an interesting tradeoff both for an attacker as well as the rational defender. We have demonstrated the feasibility of this attack on different networks and provided the first analysis," they wrote.
Lightning payment passes through a network of nodes before it is received by the recipient. If one of the nodes belongs to an attacker, it may slow down the payment processing. For a successful attack, it is allegedly necessary to open several payment channels, promise zero commissions and then fail to transfer payments.
By analyzing the principle of payment routing of different Lightning clients, an attacker can make his nodes more attractive, and thus ensuring that payments are cleared with them.
According to the estimates, the cost of an attack on 80% of all transactions will be $2000, the bad guys will have to install about 20 payment channels.
"We find that by creating 5 new channels, an attacker can hijack about 65% of the routs, and with 30 channels, it can hijack 80% of the routs of every implementation.
It is a rather dangerous attack, according to Lightning Labs developer Alex Bosworth. However, the routing system in the LND client is constantly changing, making it a "moving target."
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.