A popular payments network running atop the bitcoin blockchain suffered from a long-standing code vulnerability, one in which attackers could drain users of their money.
While initially flagged to the public on Aug. 30 by bitcoin developer Rusty Russell, the full disclosure detailing how this vulnerability could be exploited by an attacker was released Friday.
“An attacker can claim to open a [lightning payments] channel but either not pay to the peer, or not pay the full amount,” Russell wrote in the full disclosure.
The lightning network is a Layer 2 payments protocol enabling ultra-fast and practically costless transactions atop the bitcoin blockchain. In order for users to send transactions across the lightning network, they need to open what are known as “payment channels” to send and receive funds from other lightning users.
Without the right checks, an attacker could pretend to open a new payment channel and send fake transactions. Being duped, an honest user might then send back real money to the attacker, not knowing the earlier transactions had been entirely fabricated. It’s unclear how many users fell victim to such attacks.
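The check described above, sketched as an added example (not code from any lightning implementation or from Russell's disclosure): before treating a channel as funded, the receiving node confirms that the funding transaction's output pays the agreed amount to the channel's own 2-of-2 script. It assumes the funding-output layout from the lightning specification (BOLT 3); the keys, amounts and function names are constructed for illustration, and the keys are placeholders rather than valid curve points.

```python
import hashlib
from dataclasses import dataclass

OP_0, OP_2, OP_CHECKMULTISIG = 0x00, 0x52, 0xAE

@dataclass
class TxOut:
    value_sat: int
    script_pubkey: bytes

def funding_script_pubkey(key_a: bytes, key_b: bytes) -> bytes:
    """P2WSH scriptPubKey of the 2-of-2 funding output (assumed BOLT 3 layout)."""
    for key in (key_a, key_b):
        if len(key) != 33:
            raise ValueError("expected 33-byte compressed public keys")
    first, second = sorted((key_a, key_b))  # keys appear in lexicographic order
    witness_script = (bytes([OP_2, 33]) + first + bytes([33]) + second
                      + bytes([OP_2, OP_CHECKMULTISIG]))
    return bytes([OP_0, 32]) + hashlib.sha256(witness_script).digest()

def check_funding_output(outputs, index, claimed_sat, local_key, remote_key):
    """Return (ok, reason); accept only if the output really funds this channel."""
    if not 0 <= index < len(outputs):
        return False, "funding output index out of range"
    out = outputs[index]
    if out.script_pubkey != funding_script_pubkey(local_key, remote_key):
        return False, "output does not pay to the channel's 2-of-2 script"
    if out.value_sat != claimed_sat:
        return False, "output amount differs from the claimed channel amount"
    return True, "ok"

# Constructed sample data (hypothetical keys and amounts, not from the page).
LOCAL_KEY = b"\x02" + b"\x11" * 32
REMOTE_KEY = b"\x03" + b"\x22" * 32
CLAIMED_SAT = 1_000_000
GOOD_SPK = funding_script_pubkey(LOCAL_KEY, REMOTE_KEY)
UNRELATED_SPK = bytes([OP_0, 32]) + hashlib.sha256(b"unrelated script").digest()

def demo():
    cases = {
        "honest": [TxOut(CLAIMED_SAT, GOOD_SPK)],
        "short_paid": [TxOut(10_000, GOOD_SPK)],
        "not_paid_to_channel": [TxOut(CLAIMED_SAT, UNRELATED_SPK)],
    }
    return {name: check_funding_output(outs, 0, CLAIMED_SAT, LOCAL_KEY, REMOTE_KEY)
            for name, outs in cases.items()}

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'} ({reason})")
```

The two rejected cases correspond to the two failure modes in Russell's quote: not paying to the peer, and not paying the full amount.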
Already, all major lightning software clients have been upgraded to fix this vulnerability, according to Russell.
When asked why it took three months for the vulnerability to be disclosed to users, Pierre-Marie Padiou, the CEO of a company maintaining one of the three most popular lightning implementations, said developers wanted to err on the side of caution.
“The problem with this vulnerability is that once you know about it, it seems so obvious,” said Padiou. “Three months is not a long time. It’s a pretty short time because you have to give users the amount of time needed to update. … A lot of users don’t do it.”
Lightning developers, he added, did not want to risk revealing the vulnerability until absolutely sure no users were at risk.
“There are always problems. Even on the bitcoin protocol, there have been bugs,” Padiou said, adding:
“There will always be bugs. What matters the most is how to handle this in the best way to protect users.”