Lighting Network Security Issues

[ChiBitCTy]

Interesting article put out by Forbes that discusses some recently discovered LN issues. They haven’t released specifics yet due to not wanting others to exploit these issues, however it mentions the importance of having updated nodes or else you’re risking the loss of your coins. It also mentions to make sure you keep the eclair app updated, which I can attest first hand that if it’s not it won’t properly function.

Curious as to what the issue is. Here’s the link - https://www.forbes.com/sites/billybambrough/2019/09/01/bitcoin-warning-as-serious-security-vulnerabilities-uncovered/amp/

[Pmalek]

We will have to wait until 27 September to find out what vulnerabilities they discovered. The article doesn't mention any recommendations or warnings to users to stop using eclair for the time being so we can assume that as long as you keep everything up to date there shouldn't be major reasons for concern.

[Carlton Banks]

it sounds like a protocol level flaw, as all clients were affected (at least both c-lightning and lnd anyway)

but we don't know yet, the c-lightning team and the lnd team released fixed clients, then waited, then made an announcement that a flaw exists, but not the details of the flaw. this is the most responsible way to handle it, as many people (including myself) had already upgraded their Lightning daemon anyway.


There's no evidence that any funds have been stolen using the still-not-public flaw, so any tangible fallout from this event should be minimal to none.