Bitcoin developer Antoine Riard has announced that he has discovered a major security vulnerability in the Bitcoin Lightning Network (LN). The vulnerability, known as “breach cycle attacks,” affects a key component called Hash Time Locked Contracts (HTLC) and poses a risk to the security of funds on the network. Despite the critical security vulnerability being exposed, no real-world attack linked to this vulnerability has been detected in the past 10 months.
Bitcoin developer Antoine Riard has identified a significant security vulnerability in the Bitcoin Lightning Network, a Layer 2 solution aimed at increasing transaction speeds on the Bitcoin blockchain. Riard shared the details of the vulnerability in a warning note published last week.
The security vulnerability, known as “breach cycle attacks,” potentially compromises the security of funds flowing through the Lightning Network. In theory, sophisticated attackers could carry out a transaction relay attack and target a crucial Lightning Network component called Hash Time Locked Contracts (HTLC). The goal of such an attack would be to disrupt the normal flow of transactions, causing delays or preventing them from being executed as expected. This could lead to a potential loss of funds in the network’s channels.
While the security vulnerability is concerning for the Bitcoin community, no verified real-world attack targeting this vulnerability has been detected so far. Riard stated that there is no evidence of such an attack in the past 10 months based on observational data. In his warning, he said, “No breach cycle attacks have been observed, reported, or tested under real-world conditions on the Bitcoin mainnet for approximately the last 10 months.”
Riard also mentioned that he has shared the security vulnerability with Lightning developers, and that mitigation steps have been taken through patch updates distributed to major Lightning Network applications such as Eclair, LND, and C-Lightning. However, he expressed concern about how well these patch updates protect against more advanced forms of attacks.
According to the Bitcoin developer, the impact of this security vulnerability could extend beyond the Lightning Network. Riard’s report suggests that the vulnerability could affect several other Bitcoin protocols and applications, including coinjoins, peerswap, and batch payouts.
End of Research on the Lightning Network
Meanwhile, Riard, who first uncovered the critical security vulnerability, also announced that he is discontinuing his research on the Lightning Network. In a note, he wrote, “From now on, I am ceasing my involvement in the development of the Lightning Network and its applications, including coordinating the addressing of security issues at the protocol level.”